Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
14/02/2024, 16:44
General
-
Target
2024-02-14_470f16889ea7901947013798f49fe3fc_mafia.exe
-
Size
536KB
-
MD5
470f16889ea7901947013798f49fe3fc
-
SHA1
ebbeaede9161722f5e362aa8255bdcb5314c8bd6
-
SHA256
f16cee12a8596ca0291d0f39137f6375eafa6e7b058d8b2c9ff42129e606203c
-
SHA512
cb0b0153dcf92fd97cc6fded2b28e3842dfa8e8eb7ded004b94bbfaade6b9e2d6e5f847b96f52b97f00b71c5deea86cc8e0f3f499942c9bbb39a66e087968099
-
SSDEEP
12288:wU5rCOTeiUAKkM47MPOjmoJtebwkIZxVJ0ZT9:wUQOJUAK+75JtebwkIRJ0ZT9
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_470f16889ea7901947013798f49fe3fc_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_470f16889ea7901947013798f49fe3fc_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7EF4.tmp"C:\Users\Admin\AppData\Local\Temp\7EF4.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\801D.tmp"C:\Users\Admin\AppData\Local\Temp\801D.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8146.tmp"C:\Users\Admin\AppData\Local\Temp\8146.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\824F.tmp"C:\Users\Admin\AppData\Local\Temp\824F.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8368.tmp"C:\Users\Admin\AppData\Local\Temp\8368.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8491.tmp"C:\Users\Admin\AppData\Local\Temp\8491.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\85AB.tmp"C:\Users\Admin\AppData\Local\Temp\85AB.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8906.tmp"C:\Users\Admin\AppData\Local\Temp\8906.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8A2F.tmp"C:\Users\Admin\AppData\Local\Temp\8A2F.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8F30.tmp"C:\Users\Admin\AppData\Local\Temp\8F30.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\902A.tmp"C:\Users\Admin\AppData\Local\Temp\902A.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9134.tmp"C:\Users\Admin\AppData\Local\Temp\9134.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\926C.tmp"C:\Users\Admin\AppData\Local\Temp\926C.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9412.tmp"C:\Users\Admin\AppData\Local\Temp\9412.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\950C.tmp"C:\Users\Admin\AppData\Local\Temp\950C.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\97DB.tmp"C:\Users\Admin\AppData\Local\Temp\97DB.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9923.tmp"C:\Users\Admin\AppData\Local\Temp\9923.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9A1D.tmp"C:\Users\Admin\AppData\Local\Temp\9A1D.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9AE8.tmp"C:\Users\Admin\AppData\Local\Temp\9AE8.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9D98.tmp"C:\Users\Admin\AppData\Local\Temp\9D98.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9E72.tmp"C:\Users\Admin\AppData\Local\Temp\9E72.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9F9B.tmp"C:\Users\Admin\AppData\Local\Temp\9F9B.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A0B4.tmp"C:\Users\Admin\AppData\Local\Temp\A0B4.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A1AE.tmp"C:\Users\Admin\AppData\Local\Temp\A1AE.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A2B8.tmp"C:\Users\Admin\AppData\Local\Temp\A2B8.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A3E1.tmp"C:\Users\Admin\AppData\Local\Temp\A3E1.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A4BC.tmp"C:\Users\Admin\AppData\Local\Temp\A4BC.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A5B6.tmp"C:\Users\Admin\AppData\Local\Temp\A5B6.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A901.tmp"C:\Users\Admin\AppData\Local\Temp\A901.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A97E.tmp"C:\Users\Admin\AppData\Local\Temp\A97E.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AAC7.tmp"C:\Users\Admin\AppData\Local\Temp\AAC7.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AD28.tmp"C:\Users\Admin\AppData\Local\Temp\AD28.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AE12.tmp"C:\Users\Admin\AppData\Local\Temp\AE12.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AE8F.tmp"C:\Users\Admin\AppData\Local\Temp\AE8F.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AF1C.tmp"C:\Users\Admin\AppData\Local\Temp\AF1C.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AF99.tmp"C:\Users\Admin\AppData\Local\Temp\AF99.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B006.tmp"C:\Users\Admin\AppData\Local\Temp\B006.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B064.tmp"C:\Users\Admin\AppData\Local\Temp\B064.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B1DB.tmp"C:\Users\Admin\AppData\Local\Temp\B1DB.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B248.tmp"C:\Users\Admin\AppData\Local\Temp\B248.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B2B6.tmp"C:\Users\Admin\AppData\Local\Temp\B2B6.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B314.tmp"C:\Users\Admin\AppData\Local\Temp\B314.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B381.tmp"C:\Users\Admin\AppData\Local\Temp\B381.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B3FE.tmp"C:\Users\Admin\AppData\Local\Temp\B3FE.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B47B.tmp"C:\Users\Admin\AppData\Local\Temp\B47B.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B4F8.tmp"C:\Users\Admin\AppData\Local\Temp\B4F8.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B565.tmp"C:\Users\Admin\AppData\Local\Temp\B565.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B73A.tmp"C:\Users\Admin\AppData\Local\Temp\B73A.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B7B7.tmp"C:\Users\Admin\AppData\Local\Temp\B7B7.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B834.tmp"C:\Users\Admin\AppData\Local\Temp\B834.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B8B1.tmp"C:\Users\Admin\AppData\Local\Temp\B8B1.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B91E.tmp"C:\Users\Admin\AppData\Local\Temp\B91E.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B99B.tmp"C:\Users\Admin\AppData\Local\Temp\B99B.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BA47.tmp"C:\Users\Admin\AppData\Local\Temp\BA47.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BAB5.tmp"C:\Users\Admin\AppData\Local\Temp\BAB5.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BB12.tmp"C:\Users\Admin\AppData\Local\Temp\BB12.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BC4B.tmp"C:\Users\Admin\AppData\Local\Temp\BC4B.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BCD8.tmp"C:\Users\Admin\AppData\Local\Temp\BCD8.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BD55.tmp"C:\Users\Admin\AppData\Local\Temp\BD55.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BDB2.tmp"C:\Users\Admin\AppData\Local\Temp\BDB2.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BE2F.tmp"C:\Users\Admin\AppData\Local\Temp\BE2F.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BE9D.tmp"C:\Users\Admin\AppData\Local\Temp\BE9D.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BF1A.tmp"C:\Users\Admin\AppData\Local\Temp\BF1A.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BF97.tmp"C:\Users\Admin\AppData\Local\Temp\BF97.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\C014.tmp"C:\Users\Admin\AppData\Local\Temp\C014.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\C081.tmp"C:\Users\Admin\AppData\Local\Temp\C081.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\C208.tmp"C:\Users\Admin\AppData\Local\Temp\C208.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\C285.tmp"C:\Users\Admin\AppData\Local\Temp\C285.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\C311.tmp"C:\Users\Admin\AppData\Local\Temp\C311.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\C39E.tmp"C:\Users\Admin\AppData\Local\Temp\C39E.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\C40B.tmp"C:\Users\Admin\AppData\Local\Temp\C40B.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\C488.tmp"C:\Users\Admin\AppData\Local\Temp\C488.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\C505.tmp"C:\Users\Admin\AppData\Local\Temp\C505.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\C582.tmp"C:\Users\Admin\AppData\Local\Temp\C582.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\C60F.tmp"C:\Users\Admin\AppData\Local\Temp\C60F.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\C68C.tmp"C:\Users\Admin\AppData\Local\Temp\C68C.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\C709.tmp"C:\Users\Admin\AppData\Local\Temp\C709.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\C786.tmp"C:\Users\Admin\AppData\Local\Temp\C786.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\C7F3.tmp"C:\Users\Admin\AppData\Local\Temp\C7F3.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\C870.tmp"C:\Users\Admin\AppData\Local\Temp\C870.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\C8CE.tmp"C:\Users\Admin\AppData\Local\Temp\C8CE.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\C92C.tmp"C:\Users\Admin\AppData\Local\Temp\C92C.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\C9A9.tmp"C:\Users\Admin\AppData\Local\Temp\C9A9.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\CA07.tmp"C:\Users\Admin\AppData\Local\Temp\CA07.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\CA93.tmp"C:\Users\Admin\AppData\Local\Temp\CA93.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\CB01.tmp"C:\Users\Admin\AppData\Local\Temp\CB01.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\CB7E.tmp"C:\Users\Admin\AppData\Local\Temp\CB7E.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\CBEB.tmp"C:\Users\Admin\AppData\Local\Temp\CBEB.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\CC58.tmp"C:\Users\Admin\AppData\Local\Temp\CC58.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\CCB6.tmp"C:\Users\Admin\AppData\Local\Temp\CCB6.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\CD23.tmp"C:\Users\Admin\AppData\Local\Temp\CD23.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\CDC0.tmp"C:\Users\Admin\AppData\Local\Temp\CDC0.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\CE6C.tmp"C:\Users\Admin\AppData\Local\Temp\CE6C.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\CFB4.tmp"C:\Users\Admin\AppData\Local\Temp\CFB4.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\D040.tmp"C:\Users\Admin\AppData\Local\Temp\D040.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\D0CD.tmp"C:\Users\Admin\AppData\Local\Temp\D0CD.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\D169.tmp"C:\Users\Admin\AppData\Local\Temp\D169.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\D1F6.tmp"C:\Users\Admin\AppData\Local\Temp\D1F6.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\D282.tmp"C:\Users\Admin\AppData\Local\Temp\D282.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\D32E.tmp"C:\Users\Admin\AppData\Local\Temp\D32E.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\D3AB.tmp"C:\Users\Admin\AppData\Local\Temp\D3AB.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\D419.tmp"C:\Users\Admin\AppData\Local\Temp\D419.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\D4B5.tmp"C:\Users\Admin\AppData\Local\Temp\D4B5.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\D532.tmp"C:\Users\Admin\AppData\Local\Temp\D532.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\D59F.tmp"C:\Users\Admin\AppData\Local\Temp\D59F.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\D61C.tmp"C:\Users\Admin\AppData\Local\Temp\D61C.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\D6C8.tmp"C:\Users\Admin\AppData\Local\Temp\D6C8.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\D736.tmp"C:\Users\Admin\AppData\Local\Temp\D736.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\D7A3.tmp"C:\Users\Admin\AppData\Local\Temp\D7A3.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\D830.tmp"C:\Users\Admin\AppData\Local\Temp\D830.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\D8AD.tmp"C:\Users\Admin\AppData\Local\Temp\D8AD.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\D91A.tmp"C:\Users\Admin\AppData\Local\Temp\D91A.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\D987.tmp"C:\Users\Admin\AppData\Local\Temp\D987.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\D9F5.tmp"C:\Users\Admin\AppData\Local\Temp\D9F5.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\DA62.tmp"C:\Users\Admin\AppData\Local\Temp\DA62.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\DACF.tmp"C:\Users\Admin\AppData\Local\Temp\DACF.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\DB5C.tmp"C:\Users\Admin\AppData\Local\Temp\DB5C.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\DBC9.tmp"C:\Users\Admin\AppData\Local\Temp\DBC9.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\DC46.tmp"C:\Users\Admin\AppData\Local\Temp\DC46.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\DCC3.tmp"C:\Users\Admin\AppData\Local\Temp\DCC3.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-