ae729950920de73f2bcdbf82b7e2f93a5093a7cf9924ff1fa40c6a5643990f4b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 06:45

Target

2024-03-26_b901416e0e64b011c862985e9d06d044_mafia.exe
Size

476KB
MD5

b901416e0e64b011c862985e9d06d044
SHA1

1030e77357270868b323f52654649af403fa0a3f
SHA256

ae729950920de73f2bcdbf82b7e2f93a5093a7cf9924ff1fa40c6a5643990f4b
SHA512

c55ef020569d155600a2acaef75f8b085d8a13efdf4239e92d8017cb5e08fd2132ec64f40f31eb8730b04a3e81a8625e89e2a7b85e13eb244fff149186660834
SSDEEP

12288:aO4rfItL8HRsYsOmFjdK+5k8Fy6eS5gXAA7K9wlsDpVFd:aO4rQtGRLpyjdNFyTS52+9wlsDpVFd

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2600	FDEE.tmp

Executes dropped EXE 1 IoCs

pid	Process
2600	FDEE.tmp

Loads dropped DLL 1 IoCs

pid	Process
1568	2024-03-26_b901416e0e64b011c862985e9d06d044_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2600	1568	2024-03-26_b901416e0e64b011c862985e9d06d044_mafia.exe	28
PID 1568 wrote to memory of 2600	1568	2024-03-26_b901416e0e64b011c862985e9d06d044_mafia.exe	28
PID 1568 wrote to memory of 2600	1568	2024-03-26_b901416e0e64b011c862985e9d06d044_mafia.exe	28
PID 1568 wrote to memory of 2600	1568	2024-03-26_b901416e0e64b011c862985e9d06d044_mafia.exe	28

\Users\Admin\AppData\Local\Temp\FDEE.tmp

Filesize
476KB

MD5
f56381972d3fc329efda26cc7430e5cb

SHA1
00245f363ef426c17bd3a9969ed09acad62e59f6

SHA256
b86e02e3ba7428c742fcdc14c2714b1cbe8b62e51671bcc2b1ba2d2ab60f9859

SHA512
83181fed2d88a517cb22f3b52077edb130db9ea31ec9c91b3c9b6fc48d3c7963e070d5cf79bd6211ebe4c7733ef2ca8b2adb26c569d453756e20f95aff174416

Download Submit