Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
02/10/2023, 15:24
General
-
Target
2023-08-27_158cf7255871581dba8ac37c4f6b1c1e_mafia_JC.exe
-
Size
487KB
-
MD5
158cf7255871581dba8ac37c4f6b1c1e
-
SHA1
2edabfed3d0f25d2201c10f8960a064aaefbb329
-
SHA256
7bf658d97d1559634712148f52c552c09a4283ad0f72a1d57619451d1119f4b4
-
SHA512
23287549fec737bcc69e18c98edbdd797165f6c518bc6c3e4514a153d9b3df242dd35b06be5705cc1d23d80c8acf5b9cbac4ee2896f1e64dbd76e82ff8521e24
-
SSDEEP
6144:qorf3lPvovsgZnqG2C7mOTeiL9DUzOkobKKngwEWCq8xPGAs6mXNBbTQmU+2jVPZ:HU5rCOTeiJyHcLCrxPGAsnDTyrNZ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_158cf7255871581dba8ac37c4f6b1c1e_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_158cf7255871581dba8ac37c4f6b1c1e_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\21AC.tmp"C:\Users\Admin\AppData\Local\Temp\21AC.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2268.tmp"C:\Users\Admin\AppData\Local\Temp\2268.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2304.tmp"C:\Users\Admin\AppData\Local\Temp\2304.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\23EE.tmp"C:\Users\Admin\AppData\Local\Temp\23EE.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\24B9.tmp"C:\Users\Admin\AppData\Local\Temp\24B9.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2594.tmp"C:\Users\Admin\AppData\Local\Temp\2594.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2640.tmp"C:\Users\Admin\AppData\Local\Temp\2640.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\26EC.tmp"C:\Users\Admin\AppData\Local\Temp\26EC.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2788.tmp"C:\Users\Admin\AppData\Local\Temp\2788.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2834.tmp"C:\Users\Admin\AppData\Local\Temp\2834.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\28E0.tmp"C:\Users\Admin\AppData\Local\Temp\28E0.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\297C.tmp"C:\Users\Admin\AppData\Local\Temp\297C.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2A18.tmp"C:\Users\Admin\AppData\Local\Temp\2A18.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2AF3.tmp"C:\Users\Admin\AppData\Local\Temp\2AF3.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2B9F.tmp"C:\Users\Admin\AppData\Local\Temp\2B9F.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2C7A.tmp"C:\Users\Admin\AppData\Local\Temp\2C7A.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2D35.tmp"C:\Users\Admin\AppData\Local\Temp\2D35.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2F1A.tmp"C:\Users\Admin\AppData\Local\Temp\2F1A.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2FE5.tmp"C:\Users\Admin\AppData\Local\Temp\2FE5.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\30A0.tmp"C:\Users\Admin\AppData\Local\Temp\30A0.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\318B.tmp"C:\Users\Admin\AppData\Local\Temp\318B.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3265.tmp"C:\Users\Admin\AppData\Local\Temp\3265.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\32F2.tmp"C:\Users\Admin\AppData\Local\Temp\32F2.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\33AD.tmp"C:\Users\Admin\AppData\Local\Temp\33AD.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3459.tmp"C:\Users\Admin\AppData\Local\Temp\3459.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3524.tmp"C:\Users\Admin\AppData\Local\Temp\3524.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\35FF.tmp"C:\Users\Admin\AppData\Local\Temp\35FF.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\369B.tmp"C:\Users\Admin\AppData\Local\Temp\369B.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3786.tmp"C:\Users\Admin\AppData\Local\Temp\3786.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3812.tmp"C:\Users\Admin\AppData\Local\Temp\3812.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\38CE.tmp"C:\Users\Admin\AppData\Local\Temp\38CE.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3999.tmp"C:\Users\Admin\AppData\Local\Temp\3999.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3A55.tmp"C:\Users\Admin\AppData\Local\Temp\3A55.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3AD2.tmp"C:\Users\Admin\AppData\Local\Temp\3AD2.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3B4F.tmp"C:\Users\Admin\AppData\Local\Temp\3B4F.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3BDB.tmp"C:\Users\Admin\AppData\Local\Temp\3BDB.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3C58.tmp"C:\Users\Admin\AppData\Local\Temp\3C58.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3CF4.tmp"C:\Users\Admin\AppData\Local\Temp\3CF4.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3D52.tmp"C:\Users\Admin\AppData\Local\Temp\3D52.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3DDF.tmp"C:\Users\Admin\AppData\Local\Temp\3DDF.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3E6B.tmp"C:\Users\Admin\AppData\Local\Temp\3E6B.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3EE8.tmp"C:\Users\Admin\AppData\Local\Temp\3EE8.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3F56.tmp"C:\Users\Admin\AppData\Local\Temp\3F56.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\40FC.tmp"C:\Users\Admin\AppData\Local\Temp\40FC.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4188.tmp"C:\Users\Admin\AppData\Local\Temp\4188.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4215.tmp"C:\Users\Admin\AppData\Local\Temp\4215.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4292.tmp"C:\Users\Admin\AppData\Local\Temp\4292.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\431F.tmp"C:\Users\Admin\AppData\Local\Temp\431F.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\43AB.tmp"C:\Users\Admin\AppData\Local\Temp\43AB.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4438.tmp"C:\Users\Admin\AppData\Local\Temp\4438.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\44B5.tmp"C:\Users\Admin\AppData\Local\Temp\44B5.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4541.tmp"C:\Users\Admin\AppData\Local\Temp\4541.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\45DE.tmp"C:\Users\Admin\AppData\Local\Temp\45DE.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\468A.tmp"C:\Users\Admin\AppData\Local\Temp\468A.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4707.tmp"C:\Users\Admin\AppData\Local\Temp\4707.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4793.tmp"C:\Users\Admin\AppData\Local\Temp\4793.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\482F.tmp"C:\Users\Admin\AppData\Local\Temp\482F.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\48CC.tmp"C:\Users\Admin\AppData\Local\Temp\48CC.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4978.tmp"C:\Users\Admin\AppData\Local\Temp\4978.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4A14.tmp"C:\Users\Admin\AppData\Local\Temp\4A14.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4A91.tmp"C:\Users\Admin\AppData\Local\Temp\4A91.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4AFE.tmp"C:\Users\Admin\AppData\Local\Temp\4AFE.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4B7B.tmp"C:\Users\Admin\AppData\Local\Temp\4B7B.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4BE9.tmp"C:\Users\Admin\AppData\Local\Temp\4BE9.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4C56.tmp"C:\Users\Admin\AppData\Local\Temp\4C56.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\4CD3.tmp"C:\Users\Admin\AppData\Local\Temp\4CD3.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\4D50.tmp"C:\Users\Admin\AppData\Local\Temp\4D50.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\4DBD.tmp"C:\Users\Admin\AppData\Local\Temp\4DBD.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\4E3A.tmp"C:\Users\Admin\AppData\Local\Temp\4E3A.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\4ED7.tmp"C:\Users\Admin\AppData\Local\Temp\4ED7.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\4F63.tmp"C:\Users\Admin\AppData\Local\Temp\4F63.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\4FD1.tmp"C:\Users\Admin\AppData\Local\Temp\4FD1.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\503E.tmp"C:\Users\Admin\AppData\Local\Temp\503E.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\509C.tmp"C:\Users\Admin\AppData\Local\Temp\509C.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\5128.tmp"C:\Users\Admin\AppData\Local\Temp\5128.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\51A5.tmp"C:\Users\Admin\AppData\Local\Temp\51A5.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\5213.tmp"C:\Users\Admin\AppData\Local\Temp\5213.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\5290.tmp"C:\Users\Admin\AppData\Local\Temp\5290.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\532C.tmp"C:\Users\Admin\AppData\Local\Temp\532C.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\5399.tmp"C:\Users\Admin\AppData\Local\Temp\5399.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\5416.tmp"C:\Users\Admin\AppData\Local\Temp\5416.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\54C2.tmp"C:\Users\Admin\AppData\Local\Temp\54C2.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\553F.tmp"C:\Users\Admin\AppData\Local\Temp\553F.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\55CC.tmp"C:\Users\Admin\AppData\Local\Temp\55CC.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\5639.tmp"C:\Users\Admin\AppData\Local\Temp\5639.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\56A7.tmp"C:\Users\Admin\AppData\Local\Temp\56A7.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\5733.tmp"C:\Users\Admin\AppData\Local\Temp\5733.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\57A1.tmp"C:\Users\Admin\AppData\Local\Temp\57A1.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\582D.tmp"C:\Users\Admin\AppData\Local\Temp\582D.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\589B.tmp"C:\Users\Admin\AppData\Local\Temp\589B.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\5927.tmp"C:\Users\Admin\AppData\Local\Temp\5927.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\59D3.tmp"C:\Users\Admin\AppData\Local\Temp\59D3.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\5A50.tmp"C:\Users\Admin\AppData\Local\Temp\5A50.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\5B0C.tmp"C:\Users\Admin\AppData\Local\Temp\5B0C.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\5BA8.tmp"C:\Users\Admin\AppData\Local\Temp\5BA8.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\5C44.tmp"C:\Users\Admin\AppData\Local\Temp\5C44.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\5CD1.tmp"C:\Users\Admin\AppData\Local\Temp\5CD1.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\5D4E.tmp"C:\Users\Admin\AppData\Local\Temp\5D4E.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\5DFA.tmp"C:\Users\Admin\AppData\Local\Temp\5DFA.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\5EB5.tmp"C:\Users\Admin\AppData\Local\Temp\5EB5.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\5F51.tmp"C:\Users\Admin\AppData\Local\Temp\5F51.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\5FEE.tmp"C:\Users\Admin\AppData\Local\Temp\5FEE.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\60A9.tmp"C:\Users\Admin\AppData\Local\Temp\60A9.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\6145.tmp"C:\Users\Admin\AppData\Local\Temp\6145.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\61E2.tmp"C:\Users\Admin\AppData\Local\Temp\61E2.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\624F.tmp"C:\Users\Admin\AppData\Local\Temp\624F.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\62EB.tmp"C:\Users\Admin\AppData\Local\Temp\62EB.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\6387.tmp"C:\Users\Admin\AppData\Local\Temp\6387.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\6433.tmp"C:\Users\Admin\AppData\Local\Temp\6433.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\64D0.tmp"C:\Users\Admin\AppData\Local\Temp\64D0.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\656C.tmp"C:\Users\Admin\AppData\Local\Temp\656C.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\6608.tmp"C:\Users\Admin\AppData\Local\Temp\6608.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\66B4.tmp"C:\Users\Admin\AppData\Local\Temp\66B4.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\6760.tmp"C:\Users\Admin\AppData\Local\Temp\6760.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\67FC.tmp"C:\Users\Admin\AppData\Local\Temp\67FC.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\68A8.tmp"C:\Users\Admin\AppData\Local\Temp\68A8.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\6944.tmp"C:\Users\Admin\AppData\Local\Temp\6944.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\69E0.tmp"C:\Users\Admin\AppData\Local\Temp\69E0.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\6A5D.tmp"C:\Users\Admin\AppData\Local\Temp\6A5D.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\6AFA.tmp"C:\Users\Admin\AppData\Local\Temp\6AFA.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-