16945dfc6a12d576d240c4afdf207df5d19fef3cdb7363e9576480c07bb2ff58

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 00:46

Target

2024-04-05_8e71220561a4df5b2dabdc11b80f0611_mafia.exe
Size

479KB
MD5

8e71220561a4df5b2dabdc11b80f0611
SHA1

b20435a2d992df84803cbd0d517b04a6ab603250
SHA256

16945dfc6a12d576d240c4afdf207df5d19fef3cdb7363e9576480c07bb2ff58
SHA512

644f67bc9ba35aa12fbc765c54896355e8130c1e8abbc9a2c0b10648f0582e296253e284f2a8ef7b740fb84f4b91155b95b0d9b21c73cde93eeca17233cc938e
SSDEEP

12288:bO4rfItL8HA/SJyrw9sXlvTZrRsc/475UO:bO4rQtGAqkkyZZGc/4VUO

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2772	96D3.tmp

Executes dropped EXE 1 IoCs

pid	Process
2772	96D3.tmp

Loads dropped DLL 1 IoCs

pid	Process
2504	2024-04-05_8e71220561a4df5b2dabdc11b80f0611_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2772	2504	2024-04-05_8e71220561a4df5b2dabdc11b80f0611_mafia.exe	28
PID 2504 wrote to memory of 2772	2504	2024-04-05_8e71220561a4df5b2dabdc11b80f0611_mafia.exe	28
PID 2504 wrote to memory of 2772	2504	2024-04-05_8e71220561a4df5b2dabdc11b80f0611_mafia.exe	28
PID 2504 wrote to memory of 2772	2504	2024-04-05_8e71220561a4df5b2dabdc11b80f0611_mafia.exe	28

\Users\Admin\AppData\Local\Temp\96D3.tmp

Filesize
479KB

MD5
50dc879fba569622d5f7a59b9d2934d6

SHA1
ca8ae18066283584f366509650293ae6379ad134

SHA256
73782fa40c211ccf31b3324314cb6c5c25d40578cf947c1497d5de6e5c23fc5d

SHA512
41b71047b856c015f5425ab22e5926f7b421f4a2b9e96fb9929adbcb600c30a185815226a7fbf544ead77d3652a63cdefe2ac045dc91967c586b0983b4bf3b0e

Download Submit