ff335b9b461b0f1134402dbeabb025456db451f894f221a0f896711061dc1da0

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 20:23

Target

2024-02-21_0553784e7867d6e3a7b4505983a6ee10_mafia.exe
Size

444KB
MD5

0553784e7867d6e3a7b4505983a6ee10
SHA1

94144cfa01b84a0f7f94de7f931dab8ab8724854
SHA256

ff335b9b461b0f1134402dbeabb025456db451f894f221a0f896711061dc1da0
SHA512

aebc330bc20028ce8b0a087b7be9994c76223390a307ab3196347fa76525e154277589f6d7e8bd763ac77634fccc3aaaef49a799a529fcf9a8aa38bb0c6175ee
SSDEEP

12288:Nb4bZudi79LxTeEdHovORKuhV+SVThBmneA:Nb4bcdkL5eBWdr+SVTPm

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2624	3C45.tmp

Executes dropped EXE 1 IoCs

pid	Process
2624	3C45.tmp

Loads dropped DLL 1 IoCs

pid	Process
2512	2024-02-21_0553784e7867d6e3a7b4505983a6ee10_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2624	2512	2024-02-21_0553784e7867d6e3a7b4505983a6ee10_mafia.exe	28
PID 2512 wrote to memory of 2624	2512	2024-02-21_0553784e7867d6e3a7b4505983a6ee10_mafia.exe	28
PID 2512 wrote to memory of 2624	2512	2024-02-21_0553784e7867d6e3a7b4505983a6ee10_mafia.exe	28
PID 2512 wrote to memory of 2624	2512	2024-02-21_0553784e7867d6e3a7b4505983a6ee10_mafia.exe	28

\Users\Admin\AppData\Local\Temp\3C45.tmp

Filesize
444KB

MD5
e0e801ed20e4ea31ea7b69868429dab5

SHA1
185924fd9b1fcb8f6bba5d3fbb7053a8096ae276

SHA256
c7f275ae8ac8c8543429d779139c221b3c228b665258e3f7eaa361f089ef5e86

SHA512
4ae929fd88210bd2002798164e65fc1ea5aba0e7081c7007adb46ffb8090a0bf0f5f83f8966ed1dcaa3424edfdae08b145e4cd8831c4908363d7e0ac05badacb

Download Submit