3d1387aac608834a1ed7531ab9a3e54d59ef980d5f729a499feb9a2d75c2718f

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 02:35

Target

2024-04-06_50dcd96bd1be3ed3488c439864c0c24a_mafia.exe
Size

526KB
MD5

50dcd96bd1be3ed3488c439864c0c24a
SHA1

fd8d2dbbd97b0c7d8922ffdc695fb38f67dbdfda
SHA256

3d1387aac608834a1ed7531ab9a3e54d59ef980d5f729a499feb9a2d75c2718f
SHA512

960df2c0a84b2d837d974f81d4b7802e8aa055675b001c22356929c905845d9b693e4bccc7ad2abcfe706f7266f6a200d7e1f4072e1de5b041064408c674b74b
SSDEEP

6144:zooTAQjKG3wDGAeIc9kphIoDZn7a0NpEoTqiI5HaJfXtwIgSQeFCE7cpP6+:z6PCrIc9kph598oTq/FaVDgheF8z

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1940	2C3E.tmp

Executes dropped EXE 1 IoCs

pid	Process
1940	2C3E.tmp

Loads dropped DLL 1 IoCs

pid	Process
1236	2024-04-06_50dcd96bd1be3ed3488c439864c0c24a_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1940	1236	2024-04-06_50dcd96bd1be3ed3488c439864c0c24a_mafia.exe	28
PID 1236 wrote to memory of 1940	1236	2024-04-06_50dcd96bd1be3ed3488c439864c0c24a_mafia.exe	28
PID 1236 wrote to memory of 1940	1236	2024-04-06_50dcd96bd1be3ed3488c439864c0c24a_mafia.exe	28
PID 1236 wrote to memory of 1940	1236	2024-04-06_50dcd96bd1be3ed3488c439864c0c24a_mafia.exe	28

\Users\Admin\AppData\Local\Temp\2C3E.tmp

Filesize
526KB

MD5
fd69f60402a2c40e0ac1fb69d9d6c35e

SHA1
5099a446c123302f30619ebfc1204cca5b594c3c

SHA256
9116297f6d5b4252a11145833b092ed47d4bdf415d24e9ba1c5efb649e570a6e

SHA512
bb1a7c4ae53b678b11719f48d8f884537d145bde9bec87ab93354af064c0d67422fe9aa675610c2aa60fbf4b2133b77249c513d5db3be58fbf43a55e7b5c71f6

Download Submit