5c55d10a7c72db3e7f8e4a5a38a13584d724bb47b12875a30074aecca5a447f7

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 08:49

Target

2024-04-11_90c46b5d062b1f52e76f1ec810db652e_mafia.exe
Size

411KB
MD5

90c46b5d062b1f52e76f1ec810db652e
SHA1

19cc0c9422dd369952784277faabdb28fe1dd19b
SHA256

5c55d10a7c72db3e7f8e4a5a38a13584d724bb47b12875a30074aecca5a447f7
SHA512

5b8b4bcb5dc6e3d3098b1be6bbdb36cd812c7a22e718e843c65d766220442259978b4456791d6f4919c696078a6663b61f050ff14413a17082971cf0ea2889eb
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mF3Xds27FeWeieTuuBA5kzeNDqH:gZLolhNVyEaXHFeouBA66NDqH

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2212	9FF7.tmp

Executes dropped EXE 1 IoCs

pid	Process
2212	9FF7.tmp

Loads dropped DLL 1 IoCs

pid	Process
1152	2024-04-11_90c46b5d062b1f52e76f1ec810db652e_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2212	1152	2024-04-11_90c46b5d062b1f52e76f1ec810db652e_mafia.exe	28
PID 1152 wrote to memory of 2212	1152	2024-04-11_90c46b5d062b1f52e76f1ec810db652e_mafia.exe	28
PID 1152 wrote to memory of 2212	1152	2024-04-11_90c46b5d062b1f52e76f1ec810db652e_mafia.exe	28
PID 1152 wrote to memory of 2212	1152	2024-04-11_90c46b5d062b1f52e76f1ec810db652e_mafia.exe	28

\Users\Admin\AppData\Local\Temp\9FF7.tmp

Filesize
411KB

MD5
14fa04beac40713c8be6f52469ed6ce6

SHA1
9751c93e97e354921f62aae14371c21c07b671c7

SHA256
e146b5638b578eb07aff419eff80e9744852eacfcd4019a63d46b49df744ef0c

SHA512
0d63f85153b0747837b3f04de50fd18c1a10116af8bba5eb0b1deea1e841a0b1cab9048e74f5183728c110cc6ab9cee66bf95d86f62a74900f50fbae7187d612

Download Submit