b2766a57d9dabbabae7e02bb035442372e9fb63a21e782b61278d55800d4b11e

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 14:48

Target

2024-02-19_8454e63132efe915e57efe73b19bf474_mafia.exe
Size

444KB
MD5

8454e63132efe915e57efe73b19bf474
SHA1

f09d739035e06e9251b77ad004c5615ac89c8ad9
SHA256

b2766a57d9dabbabae7e02bb035442372e9fb63a21e782b61278d55800d4b11e
SHA512

2ad33dc53308d80cf936ffc6b7f2df978d164c6879fd9ebbf8ae1d60426975b4eea6393639160a2b44473d9388a28697ff7ac13ba198e02d7c7aed91dfb7d486
SSDEEP

6144:fFrJxvldL4c5ONK1xgWbd1s79+iStnQW6TTrakY1m5ybx9dtrAdia8ekWzSSRwx3:Nb4bZudi79L1WkBmmKxTikviA

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2760	63A3.tmp

Executes dropped EXE 1 IoCs

pid	Process
2760	63A3.tmp

Loads dropped DLL 1 IoCs

pid	Process
2200	2024-02-19_8454e63132efe915e57efe73b19bf474_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2760	2200	2024-02-19_8454e63132efe915e57efe73b19bf474_mafia.exe	1
PID 2200 wrote to memory of 2760	2200	2024-02-19_8454e63132efe915e57efe73b19bf474_mafia.exe	1
PID 2200 wrote to memory of 2760	2200	2024-02-19_8454e63132efe915e57efe73b19bf474_mafia.exe	1
PID 2200 wrote to memory of 2760	2200	2024-02-19_8454e63132efe915e57efe73b19bf474_mafia.exe	1

C:\Users\Admin\AppData\Local\Temp\63A3.tmp

Filesize
444KB

MD5
c02a8e9466e40649ce8efc881bf53441

SHA1
e1b3bd8cfb90eaa518644f14e5a7d04127194ae0

SHA256
11046096864c1a5eee9c38925fb1d319132b30a44e0337fa59d9b2cc83417eb6

SHA512
9d6df6c2f5cc7c1e249c69760c209ceb8d137dd0680c09f1300d5121208645a8d33717ee509fd23b1b9ed5dce77d0b403ddb1f5244992130c0d8cb93c4e48795

Download Submit