544a0016f7c98dd61fb80172f0a92e1dd4e09b52e06b5c540b8b5d3759552ea0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 22:02

Target

2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe
Size

445KB
MD5

eed215fad3f7f3e6902e1fbcbab4a627
SHA1

8f3877223637aeea852c151e34394ebeb6abe3bd
SHA256

544a0016f7c98dd61fb80172f0a92e1dd4e09b52e06b5c540b8b5d3759552ea0
SHA512

75c237220e3c5de470778f691fe14a8e12e92055724aa434cc7cffce046b642fffe4f3a7ad1b4132306a8f3ca1c2cec62877fdf112ed31250e4963956ea3bd8d
SSDEEP

12288:qlCe2wkRCEy1DXulGXd4OvXkLGHj0qTDz/:qlCZIt1b8GmA0UTP/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2536	2976	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2536	2976	2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe	28
PID 2976 wrote to memory of 2536	2976	2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe	28
PID 2976 wrote to memory of 2536	2976	2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe	28
PID 2976 wrote to memory of 2536	2976	2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_eed215fad3f7f3e6902e1fbcbab4a627_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 148
  2⤵
  - Program crash
  PID:2536