ff3095dc2214b7f8b84ca4af9567d0f4f72d968910a682363fb01d3eeee84275

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 10:22

Target

2024-02-19_121981235d8d7c26627299a952768ac9_mafia.exe
Size

433KB
MD5

121981235d8d7c26627299a952768ac9
SHA1

0c42cbae60a93262896966749d5eabe7c13dbbd0
SHA256

ff3095dc2214b7f8b84ca4af9567d0f4f72d968910a682363fb01d3eeee84275
SHA512

f441cf6119f3e9098f94c71288486a0247219fffa4508245c41a1406fe75d0fe35cb814f6876307b31c09a41571efd8941584e81c4a9af98de3c638f7eac3a76
SSDEEP

6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvqjilI1u82jnLW9dNV+2CigrABXXkFBM/n:Ci4g+yU+0pAiv+W1u8HE2JgrqXkQ/n

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2328	77A0.tmp

Executes dropped EXE 1 IoCs

pid	Process
2328	77A0.tmp

Loads dropped DLL 1 IoCs

pid	Process
2916	2024-02-19_121981235d8d7c26627299a952768ac9_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2328	2916	2024-02-19_121981235d8d7c26627299a952768ac9_mafia.exe	28
PID 2916 wrote to memory of 2328	2916	2024-02-19_121981235d8d7c26627299a952768ac9_mafia.exe	28
PID 2916 wrote to memory of 2328	2916	2024-02-19_121981235d8d7c26627299a952768ac9_mafia.exe	28
PID 2916 wrote to memory of 2328	2916	2024-02-19_121981235d8d7c26627299a952768ac9_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\77A0.tmp

Filesize
433KB

MD5
ccfa3610db421a46f96b32bb6ad4a8d2

SHA1
292dcf6b704fae109352825ba154565e0c1dc139

SHA256
5b70c76418c433901af36af72400264de73495d54be8fa5d8d02d9a313f4a636

SHA512
a9feb784f9665a44505ad252664197defa8fc1b6bff39236070f1b5c52335ea2d7f957fba55edf764a8ccd66f6cc709785d02fced39a1473bcfe0e73070958cb

Download Submit