986e799c5fb23011423bc40282649d3c642437dcc78e10fc5f19115a53ce3460

Analysis

max time kernel
92s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:22

Target

2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe
Size

428KB
MD5

12186763773ddc9cd5a79a909cd44974
SHA1

38299b9b06393e978ec0828c15904a116d6ac257
SHA256

986e799c5fb23011423bc40282649d3c642437dcc78e10fc5f19115a53ce3460
SHA512

816a08f107478284f77c6300feccd984fbaf17afa0038a54f8f8e6bf09a04ff648285e81b4f7cbe91f072e9e8b22c988bf745d635109494cf51460c3b04ccb45
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFCC4dl5xb3g6JYhsp+M3sClSQNbF3yoo+3sMpqHR:gZLolhNVyERbgYYhE+52xsMpqHR

Score

7^/10

Deletes itself 1 IoCs

Processes:

4A67.tmp

pid process

836 4A67.tmp
Executes dropped EXE 1 IoCs

Processes:

4A67.tmp

pid process

836 4A67.tmp

pid	process
836	4A67.tmp

pid	process
836	4A67.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe

description	pid	process	target process
PID 4988 wrote to memory of 836	4988	2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe	4A67.tmp
PID 4988 wrote to memory of 836	4988	2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe	4A67.tmp
PID 4988 wrote to memory of 836	4988	2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe	4A67.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_12186763773ddc9cd5a79a909cd44974_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4988

C:\Users\Admin\AppData\Local\Temp\4A67.tmp

Filesize
428KB

MD5
4c29e09accdb3dc003bb9b06dcff3cfa

SHA1
34a20836db3da0c5244870230c2463c00c48fe9b

SHA256
8052c7031b50dcef1c1799a4339af318746e0cc0162c3db6325e13cc824871d8

SHA512
a13869d751224e9dbc4eb0b1ff8c54a3a40994cb3ecc85df256d9ae0711e2c8375160d3ab9413e8eab6a4fbc9602679cbab8ee9030d343d56c34d1085486d48f

Download Submit