ffb0164cf189fbb13e8f9c3d0501d5b7bb954a9c565e7679e59e24fe7eabc917

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 19:57

Target

2024-02-21_c6651c8d77ad6c5b51805aeefd72bcce_mafia.exe
Size

428KB
MD5

c6651c8d77ad6c5b51805aeefd72bcce
SHA1

7a0c5e320917ad9a03c9a352bdf8bd1e0efcee1c
SHA256

ffb0164cf189fbb13e8f9c3d0501d5b7bb954a9c565e7679e59e24fe7eabc917
SHA512

cea4827ac3c6cbf587ecd4cb90f2200737409c27b0508aeb6fd02922fdea84d2e9b5fbc239a6c5f946448607219af009358bc4098496081c667b949c82b8677c
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFAkuJESu+03mW+vEXOrhEr7mxONnqHR:gZLolhNVyEOuJESu+03mJEr7mSqHR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2880	44CD.tmp

Executes dropped EXE 1 IoCs

pid	Process
2880	44CD.tmp

Loads dropped DLL 1 IoCs

pid	Process
2312	2024-02-21_c6651c8d77ad6c5b51805aeefd72bcce_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2880	2312	2024-02-21_c6651c8d77ad6c5b51805aeefd72bcce_mafia.exe	28
PID 2312 wrote to memory of 2880	2312	2024-02-21_c6651c8d77ad6c5b51805aeefd72bcce_mafia.exe	28
PID 2312 wrote to memory of 2880	2312	2024-02-21_c6651c8d77ad6c5b51805aeefd72bcce_mafia.exe	28
PID 2312 wrote to memory of 2880	2312	2024-02-21_c6651c8d77ad6c5b51805aeefd72bcce_mafia.exe	28

\Users\Admin\AppData\Local\Temp\44CD.tmp

Filesize
428KB

MD5
4d953231d7a43b8d00e153522186d723

SHA1
f77c90a19c1bdc1a2daaeec18c780d513d3bce5b

SHA256
13214b401b4c7bea20c69993d06fc38e6b4baebed035a1754fb09a549546128b

SHA512
4e514e37bbe3bea5ef5983239199fa79756dbaf15d80e6be986a02b2ad248dd2b05b001cc4c6debce0d89cf36f6abeae2105496d8b2ce6db897171433ef0dd52

Download Submit