e5d92313d62f3cf2301c6e49c8883b81bbb29067c419b0e8b2bbe73c757d9736

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 16:30

Target

2024-03-26_3251452e0df382e508ff236d36581943_mafia.exe
Size

384KB
MD5

3251452e0df382e508ff236d36581943
SHA1

f3437cd6016112266372f3665efb78836ee3f3a6
SHA256

e5d92313d62f3cf2301c6e49c8883b81bbb29067c419b0e8b2bbe73c757d9736
SHA512

afc459b50d9548bbbb494ef4995b1b8ba6be1441f638dc871c3f148d685b5288e0e84c3ecf7a7550189b4d84c0d191c8f62e8a15ac5f86a8ee8e2eefd7a0ec5d
SSDEEP

6144:drxfv4co9ZL3GBGgjODxbf7hH8+25DeTT+LXu9KIE0jaZIsCgiWlGdrQFGZ:Zm48gODxbz1T+L+9h3aZ7CgiCm+GZ

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2144	963.tmp

Executes dropped EXE 1 IoCs

pid	Process
2144	963.tmp

Loads dropped DLL 1 IoCs

pid	Process
1804	2024-03-26_3251452e0df382e508ff236d36581943_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2144	1804	2024-03-26_3251452e0df382e508ff236d36581943_mafia.exe	28
PID 1804 wrote to memory of 2144	1804	2024-03-26_3251452e0df382e508ff236d36581943_mafia.exe	28
PID 1804 wrote to memory of 2144	1804	2024-03-26_3251452e0df382e508ff236d36581943_mafia.exe	28
PID 1804 wrote to memory of 2144	1804	2024-03-26_3251452e0df382e508ff236d36581943_mafia.exe	28

\Users\Admin\AppData\Local\Temp\963.tmp

Filesize
384KB

MD5
4d9663d0335ddde999ccae75f8c19b5d

SHA1
5c61beda78a4185e28bb7fd7028cbe444005fc12

SHA256
81a7b135a45e742f3430ffe38358f1be0e74372c63b5c65ba18437ab6d04b0f8

SHA512
8d83d5dc247e08e82a0f1c8e1d1d9f0acb573b1f23bb482bd37c048efd4f1fd06d022caea8c0b310419f365a39e0a39a35ad17de2559c7a7003bff3ef7ea57b2

Download Submit