Analysis
-
max time kernel
150s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
03/08/2023, 17:11
General
-
Target
50ce3e6447cd07b0fc1208af16bf978d_mafia_JC.exe
-
Size
486KB
-
MD5
50ce3e6447cd07b0fc1208af16bf978d
-
SHA1
52a2623baf854b2bc075a9f2f087b3030b76c642
-
SHA256
287bfb6966ca5c892f93e92de363d53728115237b3a647dfb0a53f77f1fe57dd
-
SHA512
17d5940f8f5bf525cb5ceb0c40a3e25205d15d1e4471f225bd8357a80e1cfe3348651dcb589eb90d7d53036077dc93dd5562665f6b1b854871d7c771052296a5
-
SSDEEP
12288:/U5rCOTeiDzW/h8bfb0L4k4F2zWwY5KIyNZ:/UQOJDzW/Cj5k4IWnKRN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\50ce3e6447cd07b0fc1208af16bf978d_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\50ce3e6447cd07b0fc1208af16bf978d_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E86C.tmp"C:\Users\Admin\AppData\Local\Temp\E86C.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E937.tmp"C:\Users\Admin\AppData\Local\Temp\E937.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E9F2.tmp"C:\Users\Admin\AppData\Local\Temp\E9F2.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EABE.tmp"C:\Users\Admin\AppData\Local\Temp\EABE.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EB89.tmp"C:\Users\Admin\AppData\Local\Temp\EB89.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EC44.tmp"C:\Users\Admin\AppData\Local\Temp\EC44.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ED6D.tmp"C:\Users\Admin\AppData\Local\Temp\ED6D.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EE48.tmp"C:\Users\Admin\AppData\Local\Temp\EE48.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EF51.tmp"C:\Users\Admin\AppData\Local\Temp\EF51.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EFEE.tmp"C:\Users\Admin\AppData\Local\Temp\EFEE.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F08A.tmp"C:\Users\Admin\AppData\Local\Temp\F08A.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F23F.tmp"C:\Users\Admin\AppData\Local\Temp\F23F.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F339.tmp"C:\Users\Admin\AppData\Local\Temp\F339.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F3E5.tmp"C:\Users\Admin\AppData\Local\Temp\F3E5.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F4A1.tmp"C:\Users\Admin\AppData\Local\Temp\F4A1.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F52D.tmp"C:\Users\Admin\AppData\Local\Temp\F52D.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F618.tmp"C:\Users\Admin\AppData\Local\Temp\F618.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F6A4.tmp"C:\Users\Admin\AppData\Local\Temp\F6A4.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F770.tmp"C:\Users\Admin\AppData\Local\Temp\F770.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F7ED.tmp"C:\Users\Admin\AppData\Local\Temp\F7ED.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F889.tmp"C:\Users\Admin\AppData\Local\Temp\F889.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F954.tmp"C:\Users\Admin\AppData\Local\Temp\F954.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FA0F.tmp"C:\Users\Admin\AppData\Local\Temp\FA0F.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FACB.tmp"C:\Users\Admin\AppData\Local\Temp\FACB.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FB86.tmp"C:\Users\Admin\AppData\Local\Temp\FB86.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FC13.tmp"C:\Users\Admin\AppData\Local\Temp\FC13.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FCCF.tmp"C:\Users\Admin\AppData\Local\Temp\FCCF.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FD5B.tmp"C:\Users\Admin\AppData\Local\Temp\FD5B.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FDD8.tmp"C:\Users\Admin\AppData\Local\Temp\FDD8.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FEB3.tmp"C:\Users\Admin\AppData\Local\Temp\FEB3.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FF5F.tmp"C:\Users\Admin\AppData\Local\Temp\FF5F.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\88.tmp"C:\Users\Admin\AppData\Local\Temp\88.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\182.tmp"C:\Users\Admin\AppData\Local\Temp\182.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\27C.tmp"C:\Users\Admin\AppData\Local\Temp\27C.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2D9.tmp"C:\Users\Admin\AppData\Local\Temp\2D9.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\356.tmp"C:\Users\Admin\AppData\Local\Temp\356.tmp"37⤵
-
C:\Users\Admin\AppData\Local\Temp\3E3.tmp"C:\Users\Admin\AppData\Local\Temp\3E3.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\470.tmp"C:\Users\Admin\AppData\Local\Temp\470.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4FC.tmp"C:\Users\Admin\AppData\Local\Temp\4FC.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\579.tmp"C:\Users\Admin\AppData\Local\Temp\579.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5F6.tmp"C:\Users\Admin\AppData\Local\Temp\5F6.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6C1.tmp"C:\Users\Admin\AppData\Local\Temp\6C1.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\74E.tmp"C:\Users\Admin\AppData\Local\Temp\74E.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7EA.tmp"C:\Users\Admin\AppData\Local\Temp\7EA.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\887.tmp"C:\Users\Admin\AppData\Local\Temp\887.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\923.tmp"C:\Users\Admin\AppData\Local\Temp\923.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9CF.tmp"C:\Users\Admin\AppData\Local\Temp\9CF.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A7B.tmp"C:\Users\Admin\AppData\Local\Temp\A7B.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B07.tmp"C:\Users\Admin\AppData\Local\Temp\B07.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B84.tmp"C:\Users\Admin\AppData\Local\Temp\B84.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\C20.tmp"C:\Users\Admin\AppData\Local\Temp\C20.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\CCC.tmp"C:\Users\Admin\AppData\Local\Temp\CCC.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D69.tmp"C:\Users\Admin\AppData\Local\Temp\D69.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E05.tmp"C:\Users\Admin\AppData\Local\Temp\E05.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E82.tmp"C:\Users\Admin\AppData\Local\Temp\E82.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EFF.tmp"C:\Users\Admin\AppData\Local\Temp\EFF.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F7C.tmp"C:\Users\Admin\AppData\Local\Temp\F7C.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1028.tmp"C:\Users\Admin\AppData\Local\Temp\1028.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\10B4.tmp"C:\Users\Admin\AppData\Local\Temp\10B4.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1141.tmp"C:\Users\Admin\AppData\Local\Temp\1141.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\11AE.tmp"C:\Users\Admin\AppData\Local\Temp\11AE.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\120C.tmp"C:\Users\Admin\AppData\Local\Temp\120C.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1289.tmp"C:\Users\Admin\AppData\Local\Temp\1289.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\12F6.tmp"C:\Users\Admin\AppData\Local\Temp\12F6.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1383.tmp"C:\Users\Admin\AppData\Local\Temp\1383.tmp"66⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1400.tmp"C:\Users\Admin\AppData\Local\Temp\1400.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\147D.tmp"C:\Users\Admin\AppData\Local\Temp\147D.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\1519.tmp"C:\Users\Admin\AppData\Local\Temp\1519.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\1596.tmp"C:\Users\Admin\AppData\Local\Temp\1596.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\1623.tmp"C:\Users\Admin\AppData\Local\Temp\1623.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\1690.tmp"C:\Users\Admin\AppData\Local\Temp\1690.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\16EE.tmp"C:\Users\Admin\AppData\Local\Temp\16EE.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\178A.tmp"C:\Users\Admin\AppData\Local\Temp\178A.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\17E8.tmp"C:\Users\Admin\AppData\Local\Temp\17E8.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\1884.tmp"C:\Users\Admin\AppData\Local\Temp\1884.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\1901.tmp"C:\Users\Admin\AppData\Local\Temp\1901.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\197E.tmp"C:\Users\Admin\AppData\Local\Temp\197E.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\1A0B.tmp"C:\Users\Admin\AppData\Local\Temp\1A0B.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\1A98.tmp"C:\Users\Admin\AppData\Local\Temp\1A98.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\1B34.tmp"C:\Users\Admin\AppData\Local\Temp\1B34.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\1B92.tmp"C:\Users\Admin\AppData\Local\Temp\1B92.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\1C1E.tmp"C:\Users\Admin\AppData\Local\Temp\1C1E.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\1CAB.tmp"C:\Users\Admin\AppData\Local\Temp\1CAB.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\1D47.tmp"C:\Users\Admin\AppData\Local\Temp\1D47.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\1DA5.tmp"C:\Users\Admin\AppData\Local\Temp\1DA5.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\1E12.tmp"C:\Users\Admin\AppData\Local\Temp\1E12.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\1E60.tmp"C:\Users\Admin\AppData\Local\Temp\1E60.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\1EDD.tmp"C:\Users\Admin\AppData\Local\Temp\1EDD.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\1F6A.tmp"C:\Users\Admin\AppData\Local\Temp\1F6A.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\1FF7.tmp"C:\Users\Admin\AppData\Local\Temp\1FF7.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\2093.tmp"C:\Users\Admin\AppData\Local\Temp\2093.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\213F.tmp"C:\Users\Admin\AppData\Local\Temp\213F.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\21CB.tmp"C:\Users\Admin\AppData\Local\Temp\21CB.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2258.tmp"C:\Users\Admin\AppData\Local\Temp\2258.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\22D5.tmp"C:\Users\Admin\AppData\Local\Temp\22D5.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2371.tmp"C:\Users\Admin\AppData\Local\Temp\2371.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\23EE.tmp"C:\Users\Admin\AppData\Local\Temp\23EE.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\246B.tmp"C:\Users\Admin\AppData\Local\Temp\246B.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\2507.tmp"C:\Users\Admin\AppData\Local\Temp\2507.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\25A4.tmp"C:\Users\Admin\AppData\Local\Temp\25A4.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\2611.tmp"C:\Users\Admin\AppData\Local\Temp\2611.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\268E.tmp"C:\Users\Admin\AppData\Local\Temp\268E.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\274A.tmp"C:\Users\Admin\AppData\Local\Temp\274A.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\27B7.tmp"C:\Users\Admin\AppData\Local\Temp\27B7.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\2834.tmp"C:\Users\Admin\AppData\Local\Temp\2834.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\28D0.tmp"C:\Users\Admin\AppData\Local\Temp\28D0.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\295D.tmp"C:\Users\Admin\AppData\Local\Temp\295D.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\29E9.tmp"C:\Users\Admin\AppData\Local\Temp\29E9.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\2A76.tmp"C:\Users\Admin\AppData\Local\Temp\2A76.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2B12.tmp"C:\Users\Admin\AppData\Local\Temp\2B12.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\2BAF.tmp"C:\Users\Admin\AppData\Local\Temp\2BAF.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2C4B.tmp"C:\Users\Admin\AppData\Local\Temp\2C4B.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\2CE7.tmp"C:\Users\Admin\AppData\Local\Temp\2CE7.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2D93.tmp"C:\Users\Admin\AppData\Local\Temp\2D93.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\2E00.tmp"C:\Users\Admin\AppData\Local\Temp\2E00.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\2E8D.tmp"C:\Users\Admin\AppData\Local\Temp\2E8D.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\2EFA.tmp"C:\Users\Admin\AppData\Local\Temp\2EFA.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\2F77.tmp"C:\Users\Admin\AppData\Local\Temp\2F77.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\2FE5.tmp"C:\Users\Admin\AppData\Local\Temp\2FE5.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\3042.tmp"C:\Users\Admin\AppData\Local\Temp\3042.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-