beb2ffd2011d6ab2906b03183bf8313cc7a3def3737d6d45a65c6c6cd13ac023

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 01:36

Target

2024-02-20_65be25701791c7583bd557e61d3c7bf2_mafia.exe
Size

479KB
MD5

65be25701791c7583bd557e61d3c7bf2
SHA1

71606a4cfff5d24adcbab411d2434881042d9ac7
SHA256

beb2ffd2011d6ab2906b03183bf8313cc7a3def3737d6d45a65c6c6cd13ac023
SHA512

68dd6bba96f99467b8d5f509da6c21e55254463258091566dc451056501bf3b308169f6fe1a4c8a90a46f781d1b32dfe05e7a8e86a0cadf1ac8b1649552568a4
SSDEEP

12288:bO4rfItL8HAkurrqpNSBqln3HkfRlfjPs75UO:bO4rQtGA2NScl3HslfAVUO

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2124	6078.tmp

Executes dropped EXE 1 IoCs

pid	Process
2124	6078.tmp

Loads dropped DLL 1 IoCs

pid	Process
3028	2024-02-20_65be25701791c7583bd557e61d3c7bf2_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2124	3028	2024-02-20_65be25701791c7583bd557e61d3c7bf2_mafia.exe	28
PID 3028 wrote to memory of 2124	3028	2024-02-20_65be25701791c7583bd557e61d3c7bf2_mafia.exe	28
PID 3028 wrote to memory of 2124	3028	2024-02-20_65be25701791c7583bd557e61d3c7bf2_mafia.exe	28
PID 3028 wrote to memory of 2124	3028	2024-02-20_65be25701791c7583bd557e61d3c7bf2_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\6078.tmp

Filesize
479KB

MD5
1b7f07d48f6a4a9f5eaec954dcb7bec2

SHA1
82f2f1013a058b905e4acb8e339146016f4ba0b3

SHA256
eb84938c09a0be73e54583dc89e5d4e133129814c46eba1d00877544eaee1279

SHA512
0b0eb9efdf0f2c2328d8cbd199faec0a2a9bc7446a20030abea694b92b6a84668e03e20ec26274c5dfcc14c84cef295abf21d9d2c25898d5d47e2f26d5fe8c7a

Download Submit