f79efcb30e06ea7045202bbeb2f63b3ab3e622c4ccb03087a2e9f19d848d201c

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 16:25

Target

2024-04-09_178c23bdef09ff66f556bb4b2358e845_mafia.exe
Size

433KB
MD5

178c23bdef09ff66f556bb4b2358e845
SHA1

4a37bbe464c4e54b463a4604c8e270203100a519
SHA256

f79efcb30e06ea7045202bbeb2f63b3ab3e622c4ccb03087a2e9f19d848d201c
SHA512

0dc9c3cdb9e86052a06476e002d0735e10e70e09f69aa83ba345beea62aa0d2871682e3f6ea413634532248c8489dfbe96540a5cb399aa87788f876407cf68eb
SSDEEP

12288:Ci4g+yU+0pAiv+X+T1ZA60tR0IuSJv7hOL+/aqKHRZn:Ci4gXn0pD+OT/A6OR0AdhXKxB

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2368	8B7D.tmp

Executes dropped EXE 1 IoCs

pid	Process
2368	8B7D.tmp

Loads dropped DLL 1 IoCs

pid	Process
856	2024-04-09_178c23bdef09ff66f556bb4b2358e845_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 2368	856	2024-04-09_178c23bdef09ff66f556bb4b2358e845_mafia.exe	28
PID 856 wrote to memory of 2368	856	2024-04-09_178c23bdef09ff66f556bb4b2358e845_mafia.exe	28
PID 856 wrote to memory of 2368	856	2024-04-09_178c23bdef09ff66f556bb4b2358e845_mafia.exe	28
PID 856 wrote to memory of 2368	856	2024-04-09_178c23bdef09ff66f556bb4b2358e845_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\8B7D.tmp

Filesize
433KB

MD5
aef8590bad7f4617c3f75ebaaa722a7e

SHA1
2dddfc507e73a17f3b140d4784e6bf9fe1b74397

SHA256
94071bba51b1bf2b59703c308704b1592ba15dc65c24513df184e50fbea16de3

SHA512
aacbdc6ae35770168ee46ed84cec12a2ddbc80fac4843d514a9c1ec93c01d72a40825befb775a606d11287e3a42071c239672becc05bca47fe3c54d2c875e106

Download Submit