2dc388fc3ad1f71c0ce8ff0f3119d5f7d85a5d78fe01b83824c8f09b5a79eea6

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 15:44

Target

2024-06-25_06ea2768f66db1b3931a4603388c1a12_mafia.exe
Size

937KB
MD5

06ea2768f66db1b3931a4603388c1a12
SHA1

810eb20870ad26caedd88ff8796b75f34b58b4a6
SHA256

2dc388fc3ad1f71c0ce8ff0f3119d5f7d85a5d78fe01b83824c8f09b5a79eea6
SHA512

d076bd8b061d738e579d6cbba5146c3c5487304b1e9e06fe101a88aabf6264883a03c567c9a2db3f60ddc54ab63e3f7a49bcfb52c8a10f0d3f70715b4e093be5
SSDEEP

24576:XhNPtSMOaWH8d15lMYIp2MyUi/ODFZbkMoSXqZBeFppXps:xBZSbv7F6ZBIXps

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2580	2808	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2092 wrote to memory of 2808	2092	regsvr32.exe	28
PID 2808 wrote to memory of 2580	2808	regsvr32.exe	29
PID 2808 wrote to memory of 2580	2808	regsvr32.exe	29
PID 2808 wrote to memory of 2580	2808	regsvr32.exe	29
PID 2808 wrote to memory of 2580	2808	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2024-06-25_06ea2768f66db1b3931a4603388c1a12_mafia.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2024-06-25_06ea2768f66db1b3931a4603388c1a12_mafia.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 292
    3⤵
    - Program crash
    PID:2580