Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
21/04/2024, 03:49
General
-
Target
2024-04-21_4d577363965ec8f79bdecab22338ffbd_mafia.exe
-
Size
530KB
-
MD5
4d577363965ec8f79bdecab22338ffbd
-
SHA1
05828a8734e3fe83b8c28e8ddc2a7e0942abdd55
-
SHA256
4aa871997d6c0721b2f1158dcd65aef536c0d349e39d7e4c1eecefe5ddbdedab
-
SHA512
c1653d4e6afc166e656ca0ef759d516805822a6dea01af8e59c703c8b47ea5f363bcc21a21a323d9b2a83c97324bfa66dd3aa3c1dc65d352fb159931cb36c3b7
-
SSDEEP
12288:AU5rCOTeior4g078vk9cVr+bZeAWZPfQLIHNZulFVg0M1:AUQOJoriYtEVNUfYIHNclFV/M1
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-21_4d577363965ec8f79bdecab22338ffbd_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-21_4d577363965ec8f79bdecab22338ffbd_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8D95.tmp"C:\Users\Admin\AppData\Local\Temp\8D95.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8E02.tmp"C:\Users\Admin\AppData\Local\Temp\8E02.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8E60.tmp"C:\Users\Admin\AppData\Local\Temp\8E60.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8ECE.tmp"C:\Users\Admin\AppData\Local\Temp\8ECE.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8F4B.tmp"C:\Users\Admin\AppData\Local\Temp\8F4B.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8FA8.tmp"C:\Users\Admin\AppData\Local\Temp\8FA8.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8FF6.tmp"C:\Users\Admin\AppData\Local\Temp\8FF6.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9045.tmp"C:\Users\Admin\AppData\Local\Temp\9045.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\90A2.tmp"C:\Users\Admin\AppData\Local\Temp\90A2.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\90F0.tmp"C:\Users\Admin\AppData\Local\Temp\90F0.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\915E.tmp"C:\Users\Admin\AppData\Local\Temp\915E.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\91AC.tmp"C:\Users\Admin\AppData\Local\Temp\91AC.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\920A.tmp"C:\Users\Admin\AppData\Local\Temp\920A.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9267.tmp"C:\Users\Admin\AppData\Local\Temp\9267.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\92D5.tmp"C:\Users\Admin\AppData\Local\Temp\92D5.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9342.tmp"C:\Users\Admin\AppData\Local\Temp\9342.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\93A0.tmp"C:\Users\Admin\AppData\Local\Temp\93A0.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\93EE.tmp"C:\Users\Admin\AppData\Local\Temp\93EE.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\945B.tmp"C:\Users\Admin\AppData\Local\Temp\945B.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\94E8.tmp"C:\Users\Admin\AppData\Local\Temp\94E8.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9555.tmp"C:\Users\Admin\AppData\Local\Temp\9555.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\95B3.tmp"C:\Users\Admin\AppData\Local\Temp\95B3.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9601.tmp"C:\Users\Admin\AppData\Local\Temp\9601.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\965F.tmp"C:\Users\Admin\AppData\Local\Temp\965F.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\96AD.tmp"C:\Users\Admin\AppData\Local\Temp\96AD.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\970B.tmp"C:\Users\Admin\AppData\Local\Temp\970B.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9778.tmp"C:\Users\Admin\AppData\Local\Temp\9778.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\97E6.tmp"C:\Users\Admin\AppData\Local\Temp\97E6.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9843.tmp"C:\Users\Admin\AppData\Local\Temp\9843.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\98A1.tmp"C:\Users\Admin\AppData\Local\Temp\98A1.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\990F.tmp"C:\Users\Admin\AppData\Local\Temp\990F.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\997C.tmp"C:\Users\Admin\AppData\Local\Temp\997C.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\99CA.tmp"C:\Users\Admin\AppData\Local\Temp\99CA.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9A18.tmp"C:\Users\Admin\AppData\Local\Temp\9A18.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9A66.tmp"C:\Users\Admin\AppData\Local\Temp\9A66.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9AB4.tmp"C:\Users\Admin\AppData\Local\Temp\9AB4.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9B12.tmp"C:\Users\Admin\AppData\Local\Temp\9B12.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9B60.tmp"C:\Users\Admin\AppData\Local\Temp\9B60.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9BAE.tmp"C:\Users\Admin\AppData\Local\Temp\9BAE.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9C0C.tmp"C:\Users\Admin\AppData\Local\Temp\9C0C.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9C6A.tmp"C:\Users\Admin\AppData\Local\Temp\9C6A.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9CB8.tmp"C:\Users\Admin\AppData\Local\Temp\9CB8.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9D06.tmp"C:\Users\Admin\AppData\Local\Temp\9D06.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9D54.tmp"C:\Users\Admin\AppData\Local\Temp\9D54.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9DB2.tmp"C:\Users\Admin\AppData\Local\Temp\9DB2.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9E00.tmp"C:\Users\Admin\AppData\Local\Temp\9E00.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9E4E.tmp"C:\Users\Admin\AppData\Local\Temp\9E4E.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9E9C.tmp"C:\Users\Admin\AppData\Local\Temp\9E9C.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9EEB.tmp"C:\Users\Admin\AppData\Local\Temp\9EEB.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9F39.tmp"C:\Users\Admin\AppData\Local\Temp\9F39.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9F87.tmp"C:\Users\Admin\AppData\Local\Temp\9F87.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9FD5.tmp"C:\Users\Admin\AppData\Local\Temp\9FD5.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A023.tmp"C:\Users\Admin\AppData\Local\Temp\A023.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A071.tmp"C:\Users\Admin\AppData\Local\Temp\A071.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A0BF.tmp"C:\Users\Admin\AppData\Local\Temp\A0BF.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A10D.tmp"C:\Users\Admin\AppData\Local\Temp\A10D.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A15C.tmp"C:\Users\Admin\AppData\Local\Temp\A15C.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A1AA.tmp"C:\Users\Admin\AppData\Local\Temp\A1AA.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A1F8.tmp"C:\Users\Admin\AppData\Local\Temp\A1F8.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A246.tmp"C:\Users\Admin\AppData\Local\Temp\A246.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A294.tmp"C:\Users\Admin\AppData\Local\Temp\A294.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A2E2.tmp"C:\Users\Admin\AppData\Local\Temp\A2E2.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A340.tmp"C:\Users\Admin\AppData\Local\Temp\A340.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A39E.tmp"C:\Users\Admin\AppData\Local\Temp\A39E.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A3FB.tmp"C:\Users\Admin\AppData\Local\Temp\A3FB.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\A459.tmp"C:\Users\Admin\AppData\Local\Temp\A459.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\A4A7.tmp"C:\Users\Admin\AppData\Local\Temp\A4A7.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\A505.tmp"C:\Users\Admin\AppData\Local\Temp\A505.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\A553.tmp"C:\Users\Admin\AppData\Local\Temp\A553.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\A5B1.tmp"C:\Users\Admin\AppData\Local\Temp\A5B1.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\A5FF.tmp"C:\Users\Admin\AppData\Local\Temp\A5FF.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\A64D.tmp"C:\Users\Admin\AppData\Local\Temp\A64D.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\A69B.tmp"C:\Users\Admin\AppData\Local\Temp\A69B.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\A6E9.tmp"C:\Users\Admin\AppData\Local\Temp\A6E9.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\A747.tmp"C:\Users\Admin\AppData\Local\Temp\A747.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\A7A5.tmp"C:\Users\Admin\AppData\Local\Temp\A7A5.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\A803.tmp"C:\Users\Admin\AppData\Local\Temp\A803.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\A860.tmp"C:\Users\Admin\AppData\Local\Temp\A860.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\A8BE.tmp"C:\Users\Admin\AppData\Local\Temp\A8BE.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\A90C.tmp"C:\Users\Admin\AppData\Local\Temp\A90C.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\A96A.tmp"C:\Users\Admin\AppData\Local\Temp\A96A.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\A9C8.tmp"C:\Users\Admin\AppData\Local\Temp\A9C8.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\AA16.tmp"C:\Users\Admin\AppData\Local\Temp\AA16.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\AA74.tmp"C:\Users\Admin\AppData\Local\Temp\AA74.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\AAD1.tmp"C:\Users\Admin\AppData\Local\Temp\AAD1.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\AB2F.tmp"C:\Users\Admin\AppData\Local\Temp\AB2F.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\AB7D.tmp"C:\Users\Admin\AppData\Local\Temp\AB7D.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\ABDB.tmp"C:\Users\Admin\AppData\Local\Temp\ABDB.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\AC39.tmp"C:\Users\Admin\AppData\Local\Temp\AC39.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\AC87.tmp"C:\Users\Admin\AppData\Local\Temp\AC87.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\ACD5.tmp"C:\Users\Admin\AppData\Local\Temp\ACD5.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\AD23.tmp"C:\Users\Admin\AppData\Local\Temp\AD23.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\AD71.tmp"C:\Users\Admin\AppData\Local\Temp\AD71.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\ADCF.tmp"C:\Users\Admin\AppData\Local\Temp\ADCF.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\AE1D.tmp"C:\Users\Admin\AppData\Local\Temp\AE1D.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\AE6B.tmp"C:\Users\Admin\AppData\Local\Temp\AE6B.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\AEB9.tmp"C:\Users\Admin\AppData\Local\Temp\AEB9.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\AF08.tmp"C:\Users\Admin\AppData\Local\Temp\AF08.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\AF56.tmp"C:\Users\Admin\AppData\Local\Temp\AF56.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\AFB3.tmp"C:\Users\Admin\AppData\Local\Temp\AFB3.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\B011.tmp"C:\Users\Admin\AppData\Local\Temp\B011.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\B06F.tmp"C:\Users\Admin\AppData\Local\Temp\B06F.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\B0CD.tmp"C:\Users\Admin\AppData\Local\Temp\B0CD.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\B12A.tmp"C:\Users\Admin\AppData\Local\Temp\B12A.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\B188.tmp"C:\Users\Admin\AppData\Local\Temp\B188.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\B1D6.tmp"C:\Users\Admin\AppData\Local\Temp\B1D6.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\B224.tmp"C:\Users\Admin\AppData\Local\Temp\B224.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\B273.tmp"C:\Users\Admin\AppData\Local\Temp\B273.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\B2C1.tmp"C:\Users\Admin\AppData\Local\Temp\B2C1.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\B31E.tmp"C:\Users\Admin\AppData\Local\Temp\B31E.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\B36D.tmp"C:\Users\Admin\AppData\Local\Temp\B36D.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\B3BB.tmp"C:\Users\Admin\AppData\Local\Temp\B3BB.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\B409.tmp"C:\Users\Admin\AppData\Local\Temp\B409.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\B457.tmp"C:\Users\Admin\AppData\Local\Temp\B457.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\B4A5.tmp"C:\Users\Admin\AppData\Local\Temp\B4A5.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\B4F3.tmp"C:\Users\Admin\AppData\Local\Temp\B4F3.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\B541.tmp"C:\Users\Admin\AppData\Local\Temp\B541.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\B58F.tmp"C:\Users\Admin\AppData\Local\Temp\B58F.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\B5ED.tmp"C:\Users\Admin\AppData\Local\Temp\B5ED.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\B63B.tmp"C:\Users\Admin\AppData\Local\Temp\B63B.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-