0649ed5fb769dfde81d59a631a56ce55f996db737ca08219a43bb61b68478612

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:23

Target

2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe
Size

479KB
MD5

d602c0a5b9f638ce7660be7f803d0a52
SHA1

0e5df5695bb5191f9382b6376f87dc12fe89e4e8
SHA256

0649ed5fb769dfde81d59a631a56ce55f996db737ca08219a43bb61b68478612
SHA512

89584ac5e19b31de9a6da82cf4fde02ea49c05dad9f5a64483a7ebe3ec1e48796a29b16b7cc80e51d4671f905adb2389581ceeb67b3c39a839b5cc369948154d
SSDEEP

12288:bO4rfItL8HA4u8CG36QIn9msMd7kPfYh0S75UO:bO4rQtGAD8CG36zp9AxVUO

Score

7^/10

Deletes itself 1 IoCs

Processes:

3FA9.tmp

pid process

896 3FA9.tmp
Executes dropped EXE 1 IoCs

Processes:

3FA9.tmp

pid process

896 3FA9.tmp

pid	process
896	3FA9.tmp

pid	process
896	3FA9.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe

description	pid	process	target process
PID 4568 wrote to memory of 896	4568	2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe	3FA9.tmp
PID 4568 wrote to memory of 896	4568	2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe	3FA9.tmp
PID 4568 wrote to memory of 896	4568	2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe	3FA9.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d602c0a5b9f638ce7660be7f803d0a52_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4568

C:\Users\Admin\AppData\Local\Temp\3FA9.tmp

Filesize
479KB

MD5
05e68f8ac45cd65e62f45365dbb6d29d

SHA1
21fcb79c14299cfaa66715a5388a856f98f79043

SHA256
7f00cf781519668a1e68d3a360d79b9c1d3142bda8e957e18346a393642a538a

SHA512
e0b2972d86aed28592c4da07501f2d0bf6c8a16f036668c8673a88711088cf768517eebac5aa5ca5e066bf26b6bc465b5ec165d4e093bcc7f9622c5798feefad

Download Submit