a795d2958f8f7d99124d2fe89fc0bf445d04bc6541de50e86927e09be07f343e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 12:43

Target

2024-02-28_c756430cd9fb634942567260ba1d143a_mafia.exe
Size

411KB
MD5

c756430cd9fb634942567260ba1d143a
SHA1

14aebf8b453416826e968dad004892b85ee159d6
SHA256

a795d2958f8f7d99124d2fe89fc0bf445d04bc6541de50e86927e09be07f343e
SHA512

9f9ab6622ecce03e5973d6215babc622d3e0f13e3391c505802b3218200c426b942a9daa0e7c6e06dfd67c8d471ed81ba9ea09e0735dd1a5d3dde84b04f6c683
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mF3FbtVqD5cYRY5j65r0Mp3qHI:gZLolhNVyE80DTRY5eZ0oqHI

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3024	909C.tmp

Executes dropped EXE 1 IoCs

pid	Process
3024	909C.tmp

Loads dropped DLL 1 IoCs

pid	Process
2876	2024-02-28_c756430cd9fb634942567260ba1d143a_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 3024	2876	2024-02-28_c756430cd9fb634942567260ba1d143a_mafia.exe	28
PID 2876 wrote to memory of 3024	2876	2024-02-28_c756430cd9fb634942567260ba1d143a_mafia.exe	28
PID 2876 wrote to memory of 3024	2876	2024-02-28_c756430cd9fb634942567260ba1d143a_mafia.exe	28
PID 2876 wrote to memory of 3024	2876	2024-02-28_c756430cd9fb634942567260ba1d143a_mafia.exe	28

\Users\Admin\AppData\Local\Temp\909C.tmp

Filesize
411KB

MD5
5f2243b60be579a42f4361761c9f522d

SHA1
ac12d8cae237915c39598f317d105c9a8d269838

SHA256
119df3689887ac4ee4921109adfdaa98781178a580cfd1cb27aff529bc3387e9

SHA512
400c97c65b99b7d2d7695c5c6175eabaeccc0e5b7b8f79e56e454f1b654cf847a7efe09ae58fa2de3ed2597bc3fc9dc23aedbacdfaf6ee5d63c17ed5110614c8

Download Submit