69615f44a22bc2e2345ca6fb4d1c31695c3f7ff5ea28d9d88848b5039e887a86

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:02

Target

2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe
Size

412KB
MD5

720e5b56510cedc4aedde330352fa878
SHA1

7a3de0ac0d024bf5e3e9e45f8f783082db514964
SHA256

69615f44a22bc2e2345ca6fb4d1c31695c3f7ff5ea28d9d88848b5039e887a86
SHA512

6db4fb58ab412d206ca426c22234dfbf33f7fe3d13956e049ca10910197c390384cc95169b24718d1e0ce6ee6f46e325e53d3268acc995789074f147e491c02e
SSDEEP

12288:U6PCrIc9kph5W8RtRIQDvbNb162f2s7QK:U6QIcOh5vRtRIQDvbNh2s7Q

Score

7^/10

Deletes itself 1 IoCs

Processes:

6A72.tmp

pid process

2972 6A72.tmp
Executes dropped EXE 1 IoCs

Processes:

6A72.tmp

pid process

2972 6A72.tmp

pid	process
2972	6A72.tmp

pid	process
2972	6A72.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe

description	pid	process	target process
PID 1868 wrote to memory of 2972	1868	2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe	6A72.tmp
PID 1868 wrote to memory of 2972	1868	2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe	6A72.tmp
PID 1868 wrote to memory of 2972	1868	2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe	6A72.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868

C:\Users\Admin\AppData\Local\Temp\6A72.tmp
Filesize
412KB

MD5
0ff3adbbb7202ba0873826baa1b2b8d1

SHA1
cc688bfc9dd6a655428dd8e0a46e5eaa7d604da2

SHA256
42a38f80035dea90530cf17a043f358f8bd52de3caf5827875d0086e06a85d8b

SHA512
854071efddd8a82086d60b97a97ff68d34f5960d762f554a48f3755f1ca4a56d0798a587ad1650c0c81993ba1de73f664566cfd4c12da392fd6b724c0a429bf2

Download Submit