Analysis
-
max time kernel
150s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
02/08/2023, 18:07
General
-
Target
3ee6424f239d28c8155d54d63bf2c722_mafia_JC.exe
-
Size
487KB
-
MD5
3ee6424f239d28c8155d54d63bf2c722
-
SHA1
55fdd1135552bd143d2121ea413e73a6bbcff63a
-
SHA256
5de6f877b6395f5902a1b54bbbd8dfffe85cd05f048687d4f630dfa1fea0a455
-
SHA512
5a4b19aa74e188e4b1e6de5f267261adc2b2700a611a3dfd19bfc465febb728f076e39736292591fb910ad592bd31b446145282524b8b0ed6066589be800465b
-
SSDEEP
12288:HU5rCOTeiJE/u+BVLhRSh1xEGUsq/+75NZ:HUQOJJkuCG1W/eN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ee6424f239d28c8155d54d63bf2c722_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\3ee6424f239d28c8155d54d63bf2c722_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D69.tmp"C:\Users\Admin\AppData\Local\Temp\D69.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EB1.tmp"C:\Users\Admin\AppData\Local\Temp\EB1.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F7C.tmp"C:\Users\Admin\AppData\Local\Temp\F7C.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1076.tmp"C:\Users\Admin\AppData\Local\Temp\1076.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1141.tmp"C:\Users\Admin\AppData\Local\Temp\1141.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\11FC.tmp"C:\Users\Admin\AppData\Local\Temp\11FC.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\12B8.tmp"C:\Users\Admin\AppData\Local\Temp\12B8.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\13A2.tmp"C:\Users\Admin\AppData\Local\Temp\13A2.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\147D.tmp"C:\Users\Admin\AppData\Local\Temp\147D.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1548.tmp"C:\Users\Admin\AppData\Local\Temp\1548.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1623.tmp"C:\Users\Admin\AppData\Local\Temp\1623.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\17F8.tmp"C:\Users\Admin\AppData\Local\Temp\17F8.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1AB7.tmp"C:\Users\Admin\AppData\Local\Temp\1AB7.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1C1E.tmp"C:\Users\Admin\AppData\Local\Temp\1C1E.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1F89.tmp"C:\Users\Admin\AppData\Local\Temp\1F89.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2064.tmp"C:\Users\Admin\AppData\Local\Temp\2064.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2100.tmp"C:\Users\Admin\AppData\Local\Temp\2100.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\21AC.tmp"C:\Users\Admin\AppData\Local\Temp\21AC.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2277.tmp"C:\Users\Admin\AppData\Local\Temp\2277.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2362.tmp"C:\Users\Admin\AppData\Local\Temp\2362.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\240D.tmp"C:\Users\Admin\AppData\Local\Temp\240D.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\24B9.tmp"C:\Users\Admin\AppData\Local\Temp\24B9.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2546.tmp"C:\Users\Admin\AppData\Local\Temp\2546.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\25D3.tmp"C:\Users\Admin\AppData\Local\Temp\25D3.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\267E.tmp"C:\Users\Admin\AppData\Local\Temp\267E.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\26FB.tmp"C:\Users\Admin\AppData\Local\Temp\26FB.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2798.tmp"C:\Users\Admin\AppData\Local\Temp\2798.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2853.tmp"C:\Users\Admin\AppData\Local\Temp\2853.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\292E.tmp"C:\Users\Admin\AppData\Local\Temp\292E.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\29DA.tmp"C:\Users\Admin\AppData\Local\Temp\29DA.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2A95.tmp"C:\Users\Admin\AppData\Local\Temp\2A95.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2B70.tmp"C:\Users\Admin\AppData\Local\Temp\2B70.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2C3B.tmp"C:\Users\Admin\AppData\Local\Temp\2C3B.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2D06.tmp"C:\Users\Admin\AppData\Local\Temp\2D06.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2D83.tmp"C:\Users\Admin\AppData\Local\Temp\2D83.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2DF1.tmp"C:\Users\Admin\AppData\Local\Temp\2DF1.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2E7D.tmp"C:\Users\Admin\AppData\Local\Temp\2E7D.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2EFA.tmp"C:\Users\Admin\AppData\Local\Temp\2EFA.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2F77.tmp"C:\Users\Admin\AppData\Local\Temp\2F77.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3023.tmp"C:\Users\Admin\AppData\Local\Temp\3023.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\30A0.tmp"C:\Users\Admin\AppData\Local\Temp\30A0.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\312D.tmp"C:\Users\Admin\AppData\Local\Temp\312D.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\31E8.tmp"C:\Users\Admin\AppData\Local\Temp\31E8.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3265.tmp"C:\Users\Admin\AppData\Local\Temp\3265.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3302.tmp"C:\Users\Admin\AppData\Local\Temp\3302.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\33AD.tmp"C:\Users\Admin\AppData\Local\Temp\33AD.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3479.tmp"C:\Users\Admin\AppData\Local\Temp\3479.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3563.tmp"C:\Users\Admin\AppData\Local\Temp\3563.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\364D.tmp"C:\Users\Admin\AppData\Local\Temp\364D.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\36DA.tmp"C:\Users\Admin\AppData\Local\Temp\36DA.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3795.tmp"C:\Users\Admin\AppData\Local\Temp\3795.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3803.tmp"C:\Users\Admin\AppData\Local\Temp\3803.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\395B.tmp"C:\Users\Admin\AppData\Local\Temp\395B.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3A55.tmp"C:\Users\Admin\AppData\Local\Temp\3A55.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3AD2.tmp"C:\Users\Admin\AppData\Local\Temp\3AD2.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3B5E.tmp"C:\Users\Admin\AppData\Local\Temp\3B5E.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3C0A.tmp"C:\Users\Admin\AppData\Local\Temp\3C0A.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3CC6.tmp"C:\Users\Admin\AppData\Local\Temp\3CC6.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3D52.tmp"C:\Users\Admin\AppData\Local\Temp\3D52.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3DEE.tmp"C:\Users\Admin\AppData\Local\Temp\3DEE.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3E8B.tmp"C:\Users\Admin\AppData\Local\Temp\3E8B.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3F65.tmp"C:\Users\Admin\AppData\Local\Temp\3F65.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\405F.tmp"C:\Users\Admin\AppData\Local\Temp\405F.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\41A8.tmp"C:\Users\Admin\AppData\Local\Temp\41A8.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4234.tmp"C:\Users\Admin\AppData\Local\Temp\4234.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\42E0.tmp"C:\Users\Admin\AppData\Local\Temp\42E0.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\4419.tmp"C:\Users\Admin\AppData\Local\Temp\4419.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\44C4.tmp"C:\Users\Admin\AppData\Local\Temp\44C4.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\463B.tmp"C:\Users\Admin\AppData\Local\Temp\463B.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\482F.tmp"C:\Users\Admin\AppData\Local\Temp\482F.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\48FB.tmp"C:\Users\Admin\AppData\Local\Temp\48FB.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\49A6.tmp"C:\Users\Admin\AppData\Local\Temp\49A6.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\4A62.tmp"C:\Users\Admin\AppData\Local\Temp\4A62.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\4C17.tmp"C:\Users\Admin\AppData\Local\Temp\4C17.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\4CC3.tmp"C:\Users\Admin\AppData\Local\Temp\4CC3.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\4D7F.tmp"C:\Users\Admin\AppData\Local\Temp\4D7F.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\4E0B.tmp"C:\Users\Admin\AppData\Local\Temp\4E0B.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\4E79.tmp"C:\Users\Admin\AppData\Local\Temp\4E79.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\4EF6.tmp"C:\Users\Admin\AppData\Local\Temp\4EF6.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\4FA2.tmp"C:\Users\Admin\AppData\Local\Temp\4FA2.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\503E.tmp"C:\Users\Admin\AppData\Local\Temp\503E.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\5176.tmp"C:\Users\Admin\AppData\Local\Temp\5176.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\5222.tmp"C:\Users\Admin\AppData\Local\Temp\5222.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\52DE.tmp"C:\Users\Admin\AppData\Local\Temp\52DE.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\534B.tmp"C:\Users\Admin\AppData\Local\Temp\534B.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\53C8.tmp"C:\Users\Admin\AppData\Local\Temp\53C8.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\5455.tmp"C:\Users\Admin\AppData\Local\Temp\5455.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\5520.tmp"C:\Users\Admin\AppData\Local\Temp\5520.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\55AD.tmp"C:\Users\Admin\AppData\Local\Temp\55AD.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\561A.tmp"C:\Users\Admin\AppData\Local\Temp\561A.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\5762.tmp"C:\Users\Admin\AppData\Local\Temp\5762.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\581E.tmp"C:\Users\Admin\AppData\Local\Temp\581E.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\589B.tmp"C:\Users\Admin\AppData\Local\Temp\589B.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\5908.tmp"C:\Users\Admin\AppData\Local\Temp\5908.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\5975.tmp"C:\Users\Admin\AppData\Local\Temp\5975.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\5A02.tmp"C:\Users\Admin\AppData\Local\Temp\5A02.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\5A7F.tmp"C:\Users\Admin\AppData\Local\Temp\5A7F.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\5B1B.tmp"C:\Users\Admin\AppData\Local\Temp\5B1B.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\5B98.tmp"C:\Users\Admin\AppData\Local\Temp\5B98.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\5C15.tmp"C:\Users\Admin\AppData\Local\Temp\5C15.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\5C83.tmp"C:\Users\Admin\AppData\Local\Temp\5C83.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\5D00.tmp"C:\Users\Admin\AppData\Local\Temp\5D00.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\5D9C.tmp"C:\Users\Admin\AppData\Local\Temp\5D9C.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\5E38.tmp"C:\Users\Admin\AppData\Local\Temp\5E38.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\5EB5.tmp"C:\Users\Admin\AppData\Local\Temp\5EB5.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\5F51.tmp"C:\Users\Admin\AppData\Local\Temp\5F51.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\5FDE.tmp"C:\Users\Admin\AppData\Local\Temp\5FDE.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\606B.tmp"C:\Users\Admin\AppData\Local\Temp\606B.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\60E8.tmp"C:\Users\Admin\AppData\Local\Temp\60E8.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\6184.tmp"C:\Users\Admin\AppData\Local\Temp\6184.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\6201.tmp"C:\Users\Admin\AppData\Local\Temp\6201.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\626E.tmp"C:\Users\Admin\AppData\Local\Temp\626E.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\630A.tmp"C:\Users\Admin\AppData\Local\Temp\630A.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\6387.tmp"C:\Users\Admin\AppData\Local\Temp\6387.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\6404.tmp"C:\Users\Admin\AppData\Local\Temp\6404.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\64D0.tmp"C:\Users\Admin\AppData\Local\Temp\64D0.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\656C.tmp"C:\Users\Admin\AppData\Local\Temp\656C.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\65F8.tmp"C:\Users\Admin\AppData\Local\Temp\65F8.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\66B4.tmp"C:\Users\Admin\AppData\Local\Temp\66B4.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\6721.tmp"C:\Users\Admin\AppData\Local\Temp\6721.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-