feb24135ed54070887ad6efe38db0c7b4897b68838603754d933e9251bb59f10

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:41

Target

2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe
Size

443KB
MD5

87360e8b8f6d1f1678f7dc696a3f699c
SHA1

b926c0297dc7916e481053706c0ef103a8b1bd08
SHA256

feb24135ed54070887ad6efe38db0c7b4897b68838603754d933e9251bb59f10
SHA512

5b58cdff30e3b796b08c28a22c7b0c47dedff4fd0bb54dc8cb4076d08ac820d40739dcaf047fb930bf17c54b3c27ae967a8bf644a28b68208cb4a7f23b4ba1a8
SSDEEP

12288:Wq4w/ekieZgU6UP/yo8L+HKlfcvNM8XlMa:Wq4w/ekieH6CRqlfcvbP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2368	905D.tmp

Executes dropped EXE 1 IoCs

pid	Process
2368	905D.tmp

Loads dropped DLL 1 IoCs

pid	Process
3020	2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2368	3020	2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe	28
PID 3020 wrote to memory of 2368	3020	2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe	28
PID 3020 wrote to memory of 2368	3020	2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe	28
PID 3020 wrote to memory of 2368	3020	2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe	28

\Users\Admin\AppData\Local\Temp\905D.tmp

Filesize
443KB

MD5
380bcbd51e216685aa90f518d44bc8d1

SHA1
09657a9ca974853412b3c49b956228eb96f6110b

SHA256
98340c656b7326a356f2b724fa798404fe608a4733841577e6ae8ffb729d711d

SHA512
6971a1005aae57c2e2f4fd3501e790a3a8510b5fd1a6373215da2ebe17fb65cf76597faddefbc3b7a29d65c66ed29e5a8fccd930fe0f7e3a672f79d5a08871ed

Download Submit