c30118994df357b98bbdb082064057c644822b2be3069a1f10f66dc2be3df830

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 18:44

Target

2024-03-14_a54ec28ad27643602b4565950ed28443_mafia.exe
Size

443KB
MD5

a54ec28ad27643602b4565950ed28443
SHA1

2dfc1cde5f7265c59660ca3c0575c66101f66d9e
SHA256

c30118994df357b98bbdb082064057c644822b2be3069a1f10f66dc2be3df830
SHA512

1cd1a6d6a59f1e0dffdfa844f7295688fad840c5231eb70f76ac87418a0d7a5913aedf37b44dea4715c79425ade27a59ab2bb3e10a9f32851144a47fbca0e8f2
SSDEEP

12288:Wq4w/ekieZgU605EVuc1NVUz/5Vxd+nmlMa:Wq4w/ekieH605EVb1Ni/5VxonmP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1772	3C93.tmp

Executes dropped EXE 1 IoCs

pid	Process
1772	3C93.tmp

Loads dropped DLL 1 IoCs

pid	Process
2148	2024-03-14_a54ec28ad27643602b4565950ed28443_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1772	2148	2024-03-14_a54ec28ad27643602b4565950ed28443_mafia.exe	28
PID 2148 wrote to memory of 1772	2148	2024-03-14_a54ec28ad27643602b4565950ed28443_mafia.exe	28
PID 2148 wrote to memory of 1772	2148	2024-03-14_a54ec28ad27643602b4565950ed28443_mafia.exe	28
PID 2148 wrote to memory of 1772	2148	2024-03-14_a54ec28ad27643602b4565950ed28443_mafia.exe	28

\Users\Admin\AppData\Local\Temp\3C93.tmp

Filesize
443KB

MD5
c7e30d5bd64b79c19c8697a9d4c0e852

SHA1
b888c4f27d06e350eb114ea66f6f579a469be356

SHA256
4a28c9f8072e42ee55665f28fc90f61ce9a1ad9ab9a05ca2bbac7e80bf97baea

SHA512
48e36abbad2da33a1d4221018fe725cb96c26e1046167f714d54fe87eeb738a72adecdb5a9580282dab4cd82b64ba18b90990edf18c48338e2755deb43a5108b

Download Submit