faef3395c9c71c5d925528adcfe12677cebb6b91b53eae482f8db24d7ccead7f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 15:49

Target

2024-03-14_b9a775f5ac5fceb342faf561ca28615d_mafia.exe
Size

486KB
MD5

b9a775f5ac5fceb342faf561ca28615d
SHA1

2e07aecde54eb967a45aaf739213416888335a72
SHA256

faef3395c9c71c5d925528adcfe12677cebb6b91b53eae482f8db24d7ccead7f
SHA512

c1d3e71f499826b891d2a0f8cae4a2c77db0d40a4805e55511a890e3007cd5ae66a51e0540bc0413be155e6c5f8565fd94324a796238301071ff3cc33456ed2b
SSDEEP

12288:3O4rfItL8HPKXIgZo4jrEbAEzeKSsB00oRoF7rKxUYXhW:3O4rQtGPKJTkbA49SsB0nE3KxUYXhW

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2236	194B.tmp

Executes dropped EXE 1 IoCs

pid	Process
2236	194B.tmp

Loads dropped DLL 1 IoCs

pid	Process
2900	2024-03-14_b9a775f5ac5fceb342faf561ca28615d_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2236	2900	2024-03-14_b9a775f5ac5fceb342faf561ca28615d_mafia.exe	28
PID 2900 wrote to memory of 2236	2900	2024-03-14_b9a775f5ac5fceb342faf561ca28615d_mafia.exe	28
PID 2900 wrote to memory of 2236	2900	2024-03-14_b9a775f5ac5fceb342faf561ca28615d_mafia.exe	28
PID 2900 wrote to memory of 2236	2900	2024-03-14_b9a775f5ac5fceb342faf561ca28615d_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\194B.tmp

Filesize
486KB

MD5
b3685e6f3b579083870f2fb96d19724a

SHA1
f5cde15a8726dd9ed27400f0143cd4ff1dca0922

SHA256
2b49c8b779382925259b006202a94b5c9843b94d482544aba60426d1619773ef

SHA512
2d40c8a2963358dec15d90fa835c4aef3f85b5210fb9a77510e1f695876f2a472251439faa844085030dbad97d33710825c5b86be68efdd2892029500ae6ecad

Download Submit