70068a5deb3aaff4803ea43e1e7a16285042d484263cd6a702474cdecc1539d9

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 20:02

Target

2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe
Size

349KB
MD5

7dfaa03ca8e272574e457c53edb45bbf
SHA1

bf12de757c4244dab24621dfb2cdb4ba501bb82b
SHA256

70068a5deb3aaff4803ea43e1e7a16285042d484263cd6a702474cdecc1539d9
SHA512

0abf488e8269c70c68ff415305f2728f249eb706c69b5cb785cec73ce490d460a508ce5c6d5f80a9da05d438d12867caae1007bb0070271aa055e99d364571fa
SSDEEP

6144:k+jfY43T97LNTJQnzkr5meQzK0uY5CYM3nyYSJvBxma+L6zYUPyBt4g9Y:k+jffT97LNJQnzkr5meQzK0uuCYMCnzj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2928 3048 WerFault.exe 2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe

pid	pid_target	process	target process
2928	3048	WerFault.exe	2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe

description	pid	process	target process
PID 3048 wrote to memory of 2928	3048	2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe	WerFault.exe
PID 3048 wrote to memory of 2928	3048	2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe	WerFault.exe
PID 3048 wrote to memory of 2928	3048	2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe	WerFault.exe
PID 3048 wrote to memory of 2928	3048	2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-24_7dfaa03ca8e272574e457c53edb45bbf_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 48
2⤵
- Program crash
PID:2928