b19b62d72b9cf8f8569eeb1d97e57b6da1a4578febdf14ceb7017dff6abb5df9

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
25-03-2024 13:39

Target

2024-03-25_7c2bd2c962cc0e7bc6a75a64b900928e_mafia.exe
Size

486KB
MD5

7c2bd2c962cc0e7bc6a75a64b900928e
SHA1

a42687f3f0abe55fbce55b88bff87fe4cb654972
SHA256

b19b62d72b9cf8f8569eeb1d97e57b6da1a4578febdf14ceb7017dff6abb5df9
SHA512

d93672d99539f04da8721a18b7d330610f429759b16ec2e69ec23c7481e81db44dfe1e04cf6cacd879ddcbb6f28054dfcdb138839da5957172820d890b067f9f
SSDEEP

12288:3O4rfItL8HPo8SQJOZf/Q7qjbIUd/fpPhI7rKxUYXhW:3O4rQtGPBSQJqQOjbP7I3KxUYXhW

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2012	3968.tmp

Executes dropped EXE 1 IoCs

pid	Process
2012	3968.tmp

Loads dropped DLL 1 IoCs

pid	Process
1788	2024-03-25_7c2bd2c962cc0e7bc6a75a64b900928e_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2012	1788	2024-03-25_7c2bd2c962cc0e7bc6a75a64b900928e_mafia.exe	28
PID 1788 wrote to memory of 2012	1788	2024-03-25_7c2bd2c962cc0e7bc6a75a64b900928e_mafia.exe	28
PID 1788 wrote to memory of 2012	1788	2024-03-25_7c2bd2c962cc0e7bc6a75a64b900928e_mafia.exe	28
PID 1788 wrote to memory of 2012	1788	2024-03-25_7c2bd2c962cc0e7bc6a75a64b900928e_mafia.exe	28

\Users\Admin\AppData\Local\Temp\3968.tmp

Filesize
486KB

MD5
878bf35c6db2262a1f64b30af8876ff2

SHA1
b3f4a1df64a9396fe39631c64387ce2f8005390c

SHA256
c2f72cf115ef76d0c59443898722d99fac7268bec0c1ebfb8bf991a9770e40b6

SHA512
6df3c88f0ca48930e3a58b3f340cab4d4412ffd56da6a0ff0901a29ad5cf008511c807a023db6c472ada95ef81a820253b7e4a5f528d4ce951137e7f686e7fbb

Download Submit