7f88de43b0d8b73adb321c85d63cfb61243f5e5057bd8ec71c8ececd4fb4b438

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17-02-2024 22:49

Target

2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe
Size

428KB
MD5

82d076978594f39258cd1a56390f9e8a
SHA1

6a03970b7eae01672955beb333e2043f08c03dea
SHA256

7f88de43b0d8b73adb321c85d63cfb61243f5e5057bd8ec71c8ececd4fb4b438
SHA512

7644534f71601d3e3588433432a158cb6b13fa04ead7b046842419fb47ea1f81939897715a1e50b1db3974efe9dc6588000eeefd5cefb66171b371e71ae13417
SSDEEP

12288:gZLolhNVyE9dOM1QNo1Rlfr7A5VPL/E/n5UNqHR:gZqhOEe8QC1RlfnA5Z/KOU

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2688	4DD2.tmp

Executes dropped EXE 1 IoCs

pid	Process
2688	4DD2.tmp

Loads dropped DLL 1 IoCs

pid	Process
1656	2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2688	1656	2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe	28
PID 1656 wrote to memory of 2688	1656	2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe	28
PID 1656 wrote to memory of 2688	1656	2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe	28
PID 1656 wrote to memory of 2688	1656	2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe	28

\Users\Admin\AppData\Local\Temp\4DD2.tmp

Filesize
428KB

MD5
a060d23d5a7d63cbedabb4e7b0662eac

SHA1
4cc5cf80d5d50d74ebb57c6da2a526b019f25d3f

SHA256
000412c68926fdfbb99112b2acb06931d28ccbb72750b89bc4c2de5e8efea367

SHA512
b34a80db3469b0c7bd3818d385fde170a47cbe80460ef2e344d7814cb52cee4d587f57a7d8cbfd8000043e25e52a20fb1662af5ddda9c8ba8eec9f92f069ea44

Download Submit