3e9667b2a430f8e017e9aebe526819dec5bf8b21b1f54cb989d03a57c834748d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 07:34

Target

2024-02-28_1fbb7cda8ceb4687b84a7c1db4723605_mafia.exe
Size

476KB
MD5

1fbb7cda8ceb4687b84a7c1db4723605
SHA1

5ee4c68d8a23613a417041f98817d64422157b50
SHA256

3e9667b2a430f8e017e9aebe526819dec5bf8b21b1f54cb989d03a57c834748d
SHA512

1f17cf5d7212dd0fc654ded9327d3c74ad983be00d637a5a6c7dfa184f0c89eab8f07e7e9dadfe6b8d105f41f8402336576d8e062b4d4b63637b87a80c412727
SSDEEP

12288:aO4rfItL8HRDVFbA6y8CZot/DdZf8j6/eDDxkR7K9wlsDpVFd:aO4rQtGRk6yjAdZxe32+9wlsDpVFd

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1584	DE6.tmp

Executes dropped EXE 1 IoCs

pid	Process
1584	DE6.tmp

Loads dropped DLL 1 IoCs

pid	Process
2180	2024-02-28_1fbb7cda8ceb4687b84a7c1db4723605_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1584	2180	2024-02-28_1fbb7cda8ceb4687b84a7c1db4723605_mafia.exe	28
PID 2180 wrote to memory of 1584	2180	2024-02-28_1fbb7cda8ceb4687b84a7c1db4723605_mafia.exe	28
PID 2180 wrote to memory of 1584	2180	2024-02-28_1fbb7cda8ceb4687b84a7c1db4723605_mafia.exe	28
PID 2180 wrote to memory of 1584	2180	2024-02-28_1fbb7cda8ceb4687b84a7c1db4723605_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\DE6.tmp

Filesize
476KB

MD5
cde3dab7383a59009c3b0aab7ffc9284

SHA1
b7ac009e74fbad7577d142be3795ca8929a81560

SHA256
99ce990d70817bf7571f2a3aeb75734baf014a8b0367a91ef57ea6be4b22ef2d

SHA512
9c4113bffdb9f6163b8c12a01045c4f08fce0a9716ca69afcfaa69c564eb67f992e7e6007ce57db00f4bf9c8d43c2c8ca86766c53329f8e0b28d84e169f841fd

Download Submit