09b55666e1d99cbdfd7987d1f8a828ba9156a6a6224471839abfb4c7778c2567

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 08:24

Target

2024-04-20_151a6e8b7aa7ad9876438c270ac875c5_mafia.exe
Size

473KB
MD5

151a6e8b7aa7ad9876438c270ac875c5
SHA1

cf93b62f5d0e83957117586054d76d65f06ebc64
SHA256

09b55666e1d99cbdfd7987d1f8a828ba9156a6a6224471839abfb4c7778c2567
SHA512

b120ad9b0aab481d0621ea3bfea0a1d0d1eb795c859f1778df9c65693e0aca0d924a0adf8bbb37ae0aa0fef0949002dc9a8d96b8dd493d231a2813413e80fc70
SSDEEP

12288:Nb4bZudi79LarzGi3ByyJkiwIZjqO5+Js23ADuuSA0a:Nb4bcdkLa3GiLkiwUj7K3ilJ

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1712	11AD.tmp

Executes dropped EXE 1 IoCs

pid	Process
1712	11AD.tmp

Loads dropped DLL 1 IoCs

pid	Process
2212	2024-04-20_151a6e8b7aa7ad9876438c270ac875c5_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1712	2212	2024-04-20_151a6e8b7aa7ad9876438c270ac875c5_mafia.exe	28
PID 2212 wrote to memory of 1712	2212	2024-04-20_151a6e8b7aa7ad9876438c270ac875c5_mafia.exe	28
PID 2212 wrote to memory of 1712	2212	2024-04-20_151a6e8b7aa7ad9876438c270ac875c5_mafia.exe	28
PID 2212 wrote to memory of 1712	2212	2024-04-20_151a6e8b7aa7ad9876438c270ac875c5_mafia.exe	28

\Users\Admin\AppData\Local\Temp\11AD.tmp

Filesize
473KB

MD5
3f89de69483b27e0db244a39083d8a01

SHA1
2a59eacc47b902072eac1152db8b2ed3d5344e31

SHA256
7d6f8dc4697600ac8e35d2d4e9117edacd9ff8983ef6513cbd83faf24de95c0d

SHA512
c8937405a52bd3f46c85f5601e4134dce678d366a4a507e886c87885a24a7a4241a04718e282a09f8aa820a74e8594ab6b779a217a1cf4b406ee99bffd0d89f7

Download Submit