ad5d360f31ae3eac2973e4303da47fa1cea4e4f119a5061fe4896cb9f9a3d23f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 14:11

Target

2024-02-21_da62bd64b6e3c199c150f7cb6bb42d3a_mafia.exe
Size

444KB
MD5

da62bd64b6e3c199c150f7cb6bb42d3a
SHA1

1c91486bfb0a39e0d09591d4de1a5acfcf9e42f4
SHA256

ad5d360f31ae3eac2973e4303da47fa1cea4e4f119a5061fe4896cb9f9a3d23f
SHA512

904b1089ceb0421032f6d6e48513b2f3a949efa0f37f59e6455d75d71bd9ca90a64f6a1980c8491b1c60eca0eac2b395c5dc01b3f2b5fb9d6c4ce2ec40646063
SSDEEP

6144:fFrJxvldL4c5ONK1xgWbd1s79+iStoHXGAn3t5vJcynXgqH6P7ZOcoywV8q+sU8w:Nb4bZudi79LBHXGAn3xhXgZ7Y5byvKA

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2936	C31.tmp

Executes dropped EXE 1 IoCs

pid	Process
2936	C31.tmp

Loads dropped DLL 1 IoCs

pid	Process
2864	2024-02-21_da62bd64b6e3c199c150f7cb6bb42d3a_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2936	2864	2024-02-21_da62bd64b6e3c199c150f7cb6bb42d3a_mafia.exe	28
PID 2864 wrote to memory of 2936	2864	2024-02-21_da62bd64b6e3c199c150f7cb6bb42d3a_mafia.exe	28
PID 2864 wrote to memory of 2936	2864	2024-02-21_da62bd64b6e3c199c150f7cb6bb42d3a_mafia.exe	28
PID 2864 wrote to memory of 2936	2864	2024-02-21_da62bd64b6e3c199c150f7cb6bb42d3a_mafia.exe	28

\Users\Admin\AppData\Local\Temp\C31.tmp

Filesize
444KB

MD5
1c9c4986d4aa63b81229040dea50738d

SHA1
be36f16b13282f3be55dca3c1f9ac5357ef764dd

SHA256
c6fc9f03f286bc1da8dac7b61da714667e3b7a33c05c8157be09fafeb8ec641b

SHA512
bc6b120ef929a904b40535a1bd8f946283ec54f75fe96de78b1a6ae75b098fae1fc287ea409d23c43fadcac299125a66f736f7f580596c77cf25941f5b807d84

Download Submit