ca1665111225e47546d2bdece7cc62b602443edc7f8cd212200a56c348c49e12

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 22:34

Target

2024-04-19_fdf096dd63948a214619ab3fc5c941de_mafia.exe
Size

428KB
MD5

fdf096dd63948a214619ab3fc5c941de
SHA1

e6a96654fa29df1123c35ad1c5ed73b6ee7872dd
SHA256

ca1665111225e47546d2bdece7cc62b602443edc7f8cd212200a56c348c49e12
SHA512

fdc352bf5c8199f3cfc0a0c2f851d492182dfda58ed2e62774b2e8d1899a874a20324626bc5877255d7f164e52d575922d72cb0a4fc51d0f3db9ebadc03b1210
SSDEEP

12288:Z594+AcL4tBekiuKzErm3mIcVq73QDG/rCp0Xsivuxl:BL4tBekiuVrMmIcW3IopXWx

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2832	81FC.tmp

Executes dropped EXE 1 IoCs

pid	Process
2832	81FC.tmp

Loads dropped DLL 1 IoCs

pid	Process
3008	2024-04-19_fdf096dd63948a214619ab3fc5c941de_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2832	3008	2024-04-19_fdf096dd63948a214619ab3fc5c941de_mafia.exe	28
PID 3008 wrote to memory of 2832	3008	2024-04-19_fdf096dd63948a214619ab3fc5c941de_mafia.exe	28
PID 3008 wrote to memory of 2832	3008	2024-04-19_fdf096dd63948a214619ab3fc5c941de_mafia.exe	28
PID 3008 wrote to memory of 2832	3008	2024-04-19_fdf096dd63948a214619ab3fc5c941de_mafia.exe	28

\Users\Admin\AppData\Local\Temp\81FC.tmp

Filesize
428KB

MD5
d59ef4c6573577947095ee8e56de1106

SHA1
c1a2a5a67faef5e85053f082e92e931da91fa544

SHA256
b98a7528da1baf96866467b32b76fe0fc6a05a7d4ae2acb1abcf976c0a3f9a83

SHA512
d656145684acfd9fb65297602d73eafc22a00af79fea0585c4f8a24fbeb5a56968dd5a844174fd6dc595527b295843c99ac41e21be8868327c16fb2f4f91d0b4

Download Submit