06cbffbff2061457f202150f74f640c6dd06340579d4d0e41a1e56aab66a9409

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-02-2024 04:52

Target

2024-02-23_8d70008be78464f2b5566b2ae037fff3_mafia.exe
Size

411KB
MD5

8d70008be78464f2b5566b2ae037fff3
SHA1

a3570ea536181879d14e4dc91250a227c59e89cd
SHA256

06cbffbff2061457f202150f74f640c6dd06340579d4d0e41a1e56aab66a9409
SHA512

5a440e5f35ea04c4a6c4c652e4e77d20e735b6c9611c4ecdcea713381b1933b2203fc8b99c6866ebc2cffdef7293fc815072fe25a294b40fbe1e3becf8c52439
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFIF7s7f5jcfeW6pVKMkmIsLOvkI3CCYO59BqHI:gZLolhNVyEj65tKmIsLOlC0BqHI

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1664	1593.tmp

Executes dropped EXE 1 IoCs

pid	Process
1664	1593.tmp

Loads dropped DLL 1 IoCs

pid	Process
1984	2024-02-23_8d70008be78464f2b5566b2ae037fff3_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1664	1984	2024-02-23_8d70008be78464f2b5566b2ae037fff3_mafia.exe	29
PID 1984 wrote to memory of 1664	1984	2024-02-23_8d70008be78464f2b5566b2ae037fff3_mafia.exe	29
PID 1984 wrote to memory of 1664	1984	2024-02-23_8d70008be78464f2b5566b2ae037fff3_mafia.exe	29
PID 1984 wrote to memory of 1664	1984	2024-02-23_8d70008be78464f2b5566b2ae037fff3_mafia.exe	29

\Users\Admin\AppData\Local\Temp\1593.tmp

Filesize
411KB

MD5
39c35e316bdabd3da87e11b7184df0e6

SHA1
a9b9f8a3d3d3322c0f787b2a20c9acd4a5034e2e

SHA256
22c6b37a36a278ce77fc6bf81d2bf6d02ff9890bce90e5902aee03db0bce7a3a

SHA512
050c3dd19cd42cf74906b5fe5dc4d0fd173f216fe6afd3af0c32341c1ad67457f69ec03446f6a0d051870550c828e66f3917a1088333e8fd7db44434728e6a02

Download Submit