37f87dc76d65404fd2f977b64ea92f9d7c3b97fa35696b147e885aceb392b909

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 12:47

Target

2024-04-28_27da19aa21fdbba547c5d1c40baf4512_mafia.exe
Size

412KB
MD5

27da19aa21fdbba547c5d1c40baf4512
SHA1

172b679f7de8872871d4156013edb6aa1230d97a
SHA256

37f87dc76d65404fd2f977b64ea92f9d7c3b97fa35696b147e885aceb392b909
SHA512

1d010a543bcc006c581d050031daa24d39baf5d271bd0415c4c4ebfaf025a94222aa16c7b1cdc37f9bef9eeca23e4c1f30afc8bdcfb83640cdd46a525f5f8db3
SSDEEP

6144:UooTAQjKG3wDGAeIc9kphIoDZnWihVYVNW+OrgFPhaO/Pv//Dzk7dSk7Tmz9TP:U6PCrIc9kph5q3OrgqOvH0hPmB

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1708	1D60.tmp

Executes dropped EXE 1 IoCs

pid	Process
1708	1D60.tmp

Loads dropped DLL 1 IoCs

pid	Process
2844	2024-04-28_27da19aa21fdbba547c5d1c40baf4512_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 1708	2844	2024-04-28_27da19aa21fdbba547c5d1c40baf4512_mafia.exe	28
PID 2844 wrote to memory of 1708	2844	2024-04-28_27da19aa21fdbba547c5d1c40baf4512_mafia.exe	28
PID 2844 wrote to memory of 1708	2844	2024-04-28_27da19aa21fdbba547c5d1c40baf4512_mafia.exe	28
PID 2844 wrote to memory of 1708	2844	2024-04-28_27da19aa21fdbba547c5d1c40baf4512_mafia.exe	28

\Users\Admin\AppData\Local\Temp\1D60.tmp

Filesize
412KB

MD5
2484e4d76816fab7027b3bd16a1fa30f

SHA1
690a96a12390f6d450b3ab3ab26afb71420b856b

SHA256
53c8f6218875aff457b574ab5dd3a711be074c3aa8aab8bdeecbccbc33a0847b

SHA512
7753304283f9ad20c6b88a7c1b8ef5678765fcfbf5f032d8dd8ab31aa348937495316bc208285587fdf8fdc1c15e69835c3ac9b0015fb31c47ccd05e74973d10

Download Submit