cc8e763d1bc8afa2cb09cef3d5a6cd69d5e49d3ae3c3a111fa076f910ac423c9

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-02-2024 08:57

Target

2024-02-19_dd323b8fa4bf77eda2fb023c1023f6f4_mafia.exe
Size

413KB
MD5

dd323b8fa4bf77eda2fb023c1023f6f4
SHA1

a09696ae5ea1a367f3cf3a494891a0c127740bd6
SHA256

cc8e763d1bc8afa2cb09cef3d5a6cd69d5e49d3ae3c3a111fa076f910ac423c9
SHA512

ff2ec6af2ec9a53c7569a75e193ec7d3655bccf5032dd5a8821a3a57675bfab63bf9c0fb7753dbb98c56cbc948e417ced19569622ce381ba386c78ecbfd75dcc
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFpL+70zlan3WOXdjlgeUqHg:gZLolhNVyE0C70zlo5gdqHg

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2308	35DF.tmp

Executes dropped EXE 1 IoCs

pid	Process
2308	35DF.tmp

Loads dropped DLL 1 IoCs

pid	Process
2292	2024-02-19_dd323b8fa4bf77eda2fb023c1023f6f4_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2308	2292	2024-02-19_dd323b8fa4bf77eda2fb023c1023f6f4_mafia.exe	28
PID 2292 wrote to memory of 2308	2292	2024-02-19_dd323b8fa4bf77eda2fb023c1023f6f4_mafia.exe	28
PID 2292 wrote to memory of 2308	2292	2024-02-19_dd323b8fa4bf77eda2fb023c1023f6f4_mafia.exe	28
PID 2292 wrote to memory of 2308	2292	2024-02-19_dd323b8fa4bf77eda2fb023c1023f6f4_mafia.exe	28

\Users\Admin\AppData\Local\Temp\35DF.tmp

Filesize
413KB

MD5
9cf21f2e3781ca0ca83901a17d32f035

SHA1
e4f42e2094773e636d5cb17702d2136ae5abddbd

SHA256
a2aca94e483e385af087e40905b30643a489d91de431db7bcc2704302fa32db5

SHA512
467974af9953140080783f900d893bbbac17fb416df8f6ce5b24557dbd7ff076fac292cb29e7414b435aaf03be0c83f66bcb03944034a15d3c133d636baccdfd

Download Submit