71f3941e516d100854868112370dd1755221efbb80b69dfa47f3e734e1d0e649

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 00:52

Target

2024-05-07_7cef2552e93938de53a7e55faa66f311_mafia.exe
Size

428KB
MD5

7cef2552e93938de53a7e55faa66f311
SHA1

cfe809c297d0e60f073039e3a7e1a09f60d1c066
SHA256

71f3941e516d100854868112370dd1755221efbb80b69dfa47f3e734e1d0e649
SHA512

6fa3bcf8b665f6ce8aa1f10d69d6a82585b71d7f328800a696ef14593dd2325ff7998cd29eb6e9a13676f8b2dfb38e0a8690313f860793d079233181ed7d13a5
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFPrjnVaJFBfhkBmMyMovgqHR:gZLolhNVyEsPnVMhgqHR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2528	8B8.tmp

Executes dropped EXE 1 IoCs

pid	Process
2528	8B8.tmp

Loads dropped DLL 1 IoCs

pid	Process
2616	2024-05-07_7cef2552e93938de53a7e55faa66f311_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2528	2616	2024-05-07_7cef2552e93938de53a7e55faa66f311_mafia.exe	28
PID 2616 wrote to memory of 2528	2616	2024-05-07_7cef2552e93938de53a7e55faa66f311_mafia.exe	28
PID 2616 wrote to memory of 2528	2616	2024-05-07_7cef2552e93938de53a7e55faa66f311_mafia.exe	28
PID 2616 wrote to memory of 2528	2616	2024-05-07_7cef2552e93938de53a7e55faa66f311_mafia.exe	28

\Users\Admin\AppData\Local\Temp\8B8.tmp

Filesize
428KB

MD5
ac68ee4e2f39201bfbc05e9919b23fc3

SHA1
b33b3f5c887b1603a449b49473997e1e39c6f80a

SHA256
96023b73c3a9c4f59958da55584841e00696ef2b16cb8b04df7af8da16823dbc

SHA512
ec991db27ecb86f065480df2106f70d3b70a02aa349d3a329fc089f10ecba73999b53b1a4bdcc2c7d6bf0ea4f84b675eb30e96a0f23cf8c8cc92b4df0a401ebf

Download Submit