Analysis
-
max time kernel
152s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
24-04-2024 01:46
General
-
Target
2024-04-24_242dc2d0a656d4c688bc64a24e52e962_mafia.exe
-
Size
530KB
-
MD5
242dc2d0a656d4c688bc64a24e52e962
-
SHA1
0ba31afdfa0d7dbd9c21ea42fd82084cae9906cf
-
SHA256
6b23ce9b5a1e3ebe3553819035aa81c0e26c70c6c5659050e320bf412e3f6fe5
-
SHA512
df1b73f79206820034a0a476e4582684f97f055d5f12c136c9b77ca63cdda4683b36307f036dd8fbec2ef5ec81d9e16409831fe1a55eb5ebf21886a18545e942
-
SSDEEP
12288:AU5rCOTeiougJA8iw2DftJIC6FnKIsNZulFVg0M1:AUQOJouo+XtJUKIsNclFV/M1
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-24_242dc2d0a656d4c688bc64a24e52e962_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-24_242dc2d0a656d4c688bc64a24e52e962_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\AB9.tmp"C:\Users\Admin\AppData\Local\Temp\AB9.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CEC.tmp"C:\Users\Admin\AppData\Local\Temp\CEC.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DA7.tmp"C:\Users\Admin\AppData\Local\Temp\DA7.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E43.tmp"C:\Users\Admin\AppData\Local\Temp\E43.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F1E.tmp"C:\Users\Admin\AppData\Local\Temp\F1E.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1047.tmp"C:\Users\Admin\AppData\Local\Temp\1047.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\10F3.tmp"C:\Users\Admin\AppData\Local\Temp\10F3.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\117F.tmp"C:\Users\Admin\AppData\Local\Temp\117F.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\125A.tmp"C:\Users\Admin\AppData\Local\Temp\125A.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1354.tmp"C:\Users\Admin\AppData\Local\Temp\1354.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\13F0.tmp"C:\Users\Admin\AppData\Local\Temp\13F0.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\145E.tmp"C:\Users\Admin\AppData\Local\Temp\145E.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\14EA.tmp"C:\Users\Admin\AppData\Local\Temp\14EA.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1567.tmp"C:\Users\Admin\AppData\Local\Temp\1567.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1690.tmp"C:\Users\Admin\AppData\Local\Temp\1690.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\16FE.tmp"C:\Users\Admin\AppData\Local\Temp\16FE.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\176B.tmp"C:\Users\Admin\AppData\Local\Temp\176B.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1836.tmp"C:\Users\Admin\AppData\Local\Temp\1836.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\18D2.tmp"C:\Users\Admin\AppData\Local\Temp\18D2.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\198E.tmp"C:\Users\Admin\AppData\Local\Temp\198E.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1A0B.tmp"C:\Users\Admin\AppData\Local\Temp\1A0B.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1A88.tmp"C:\Users\Admin\AppData\Local\Temp\1A88.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1AF5.tmp"C:\Users\Admin\AppData\Local\Temp\1AF5.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1B92.tmp"C:\Users\Admin\AppData\Local\Temp\1B92.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1C0F.tmp"C:\Users\Admin\AppData\Local\Temp\1C0F.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1CCA.tmp"C:\Users\Admin\AppData\Local\Temp\1CCA.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1D47.tmp"C:\Users\Admin\AppData\Local\Temp\1D47.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1DC4.tmp"C:\Users\Admin\AppData\Local\Temp\1DC4.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1E70.tmp"C:\Users\Admin\AppData\Local\Temp\1E70.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1F1C.tmp"C:\Users\Admin\AppData\Local\Temp\1F1C.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1FA8.tmp"C:\Users\Admin\AppData\Local\Temp\1FA8.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2054.tmp"C:\Users\Admin\AppData\Local\Temp\2054.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2100.tmp"C:\Users\Admin\AppData\Local\Temp\2100.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\218D.tmp"C:\Users\Admin\AppData\Local\Temp\218D.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\220A.tmp"C:\Users\Admin\AppData\Local\Temp\220A.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2296.tmp"C:\Users\Admin\AppData\Local\Temp\2296.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2342.tmp"C:\Users\Admin\AppData\Local\Temp\2342.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\23BF.tmp"C:\Users\Admin\AppData\Local\Temp\23BF.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\243C.tmp"C:\Users\Admin\AppData\Local\Temp\243C.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\24AA.tmp"C:\Users\Admin\AppData\Local\Temp\24AA.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2536.tmp"C:\Users\Admin\AppData\Local\Temp\2536.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\25A4.tmp"C:\Users\Admin\AppData\Local\Temp\25A4.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2601.tmp"C:\Users\Admin\AppData\Local\Temp\2601.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\267E.tmp"C:\Users\Admin\AppData\Local\Temp\267E.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2778.tmp"C:\Users\Admin\AppData\Local\Temp\2778.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\27E6.tmp"C:\Users\Admin\AppData\Local\Temp\27E6.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2853.tmp"C:\Users\Admin\AppData\Local\Temp\2853.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\28C1.tmp"C:\Users\Admin\AppData\Local\Temp\28C1.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\294D.tmp"C:\Users\Admin\AppData\Local\Temp\294D.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\29BB.tmp"C:\Users\Admin\AppData\Local\Temp\29BB.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2A38.tmp"C:\Users\Admin\AppData\Local\Temp\2A38.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2AA5.tmp"C:\Users\Admin\AppData\Local\Temp\2AA5.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2B12.tmp"C:\Users\Admin\AppData\Local\Temp\2B12.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2B9F.tmp"C:\Users\Admin\AppData\Local\Temp\2B9F.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2C3B.tmp"C:\Users\Admin\AppData\Local\Temp\2C3B.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2CE7.tmp"C:\Users\Admin\AppData\Local\Temp\2CE7.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2D64.tmp"C:\Users\Admin\AppData\Local\Temp\2D64.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2DD1.tmp"C:\Users\Admin\AppData\Local\Temp\2DD1.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2E6E.tmp"C:\Users\Admin\AppData\Local\Temp\2E6E.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2EEB.tmp"C:\Users\Admin\AppData\Local\Temp\2EEB.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2F68.tmp"C:\Users\Admin\AppData\Local\Temp\2F68.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2FF4.tmp"C:\Users\Admin\AppData\Local\Temp\2FF4.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3071.tmp"C:\Users\Admin\AppData\Local\Temp\3071.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\30FE.tmp"C:\Users\Admin\AppData\Local\Temp\30FE.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\31B9.tmp"C:\Users\Admin\AppData\Local\Temp\31B9.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\3256.tmp"C:\Users\Admin\AppData\Local\Temp\3256.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\32E2.tmp"C:\Users\Admin\AppData\Local\Temp\32E2.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\33AD.tmp"C:\Users\Admin\AppData\Local\Temp\33AD.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\3469.tmp"C:\Users\Admin\AppData\Local\Temp\3469.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\34E6.tmp"C:\Users\Admin\AppData\Local\Temp\34E6.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\3573.tmp"C:\Users\Admin\AppData\Local\Temp\3573.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\362E.tmp"C:\Users\Admin\AppData\Local\Temp\362E.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\36CA.tmp"C:\Users\Admin\AppData\Local\Temp\36CA.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\3747.tmp"C:\Users\Admin\AppData\Local\Temp\3747.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\37E4.tmp"C:\Users\Admin\AppData\Local\Temp\37E4.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\3851.tmp"C:\Users\Admin\AppData\Local\Temp\3851.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\38ED.tmp"C:\Users\Admin\AppData\Local\Temp\38ED.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\397A.tmp"C:\Users\Admin\AppData\Local\Temp\397A.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\3A93.tmp"C:\Users\Admin\AppData\Local\Temp\3A93.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\3B10.tmp"C:\Users\Admin\AppData\Local\Temp\3B10.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\3BBC.tmp"C:\Users\Admin\AppData\Local\Temp\3BBC.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\3C97.tmp"C:\Users\Admin\AppData\Local\Temp\3C97.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\3D23.tmp"C:\Users\Admin\AppData\Local\Temp\3D23.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\3DCF.tmp"C:\Users\Admin\AppData\Local\Temp\3DCF.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\3E6B.tmp"C:\Users\Admin\AppData\Local\Temp\3E6B.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\3F46.tmp"C:\Users\Admin\AppData\Local\Temp\3F46.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\4021.tmp"C:\Users\Admin\AppData\Local\Temp\4021.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\410B.tmp"C:\Users\Admin\AppData\Local\Temp\410B.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\41B7.tmp"C:\Users\Admin\AppData\Local\Temp\41B7.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\4273.tmp"C:\Users\Admin\AppData\Local\Temp\4273.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\437C.tmp"C:\Users\Admin\AppData\Local\Temp\437C.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\4409.tmp"C:\Users\Admin\AppData\Local\Temp\4409.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\4486.tmp"C:\Users\Admin\AppData\Local\Temp\4486.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\4513.tmp"C:\Users\Admin\AppData\Local\Temp\4513.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\45AF.tmp"C:\Users\Admin\AppData\Local\Temp\45AF.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\462C.tmp"C:\Users\Admin\AppData\Local\Temp\462C.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\46A9.tmp"C:\Users\Admin\AppData\Local\Temp\46A9.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\4B1D.tmp"C:\Users\Admin\AppData\Local\Temp\4B1D.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\4BBA.tmp"C:\Users\Admin\AppData\Local\Temp\4BBA.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\4C66.tmp"C:\Users\Admin\AppData\Local\Temp\4C66.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\4D02.tmp"C:\Users\Admin\AppData\Local\Temp\4D02.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\4E1B.tmp"C:\Users\Admin\AppData\Local\Temp\4E1B.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\4E98.tmp"C:\Users\Admin\AppData\Local\Temp\4E98.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\4F05.tmp"C:\Users\Admin\AppData\Local\Temp\4F05.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\4F82.tmp"C:\Users\Admin\AppData\Local\Temp\4F82.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\500F.tmp"C:\Users\Admin\AppData\Local\Temp\500F.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\508C.tmp"C:\Users\Admin\AppData\Local\Temp\508C.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\50F9.tmp"C:\Users\Admin\AppData\Local\Temp\50F9.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\51A5.tmp"C:\Users\Admin\AppData\Local\Temp\51A5.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\5222.tmp"C:\Users\Admin\AppData\Local\Temp\5222.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\529F.tmp"C:\Users\Admin\AppData\Local\Temp\529F.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\533C.tmp"C:\Users\Admin\AppData\Local\Temp\533C.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\53C8.tmp"C:\Users\Admin\AppData\Local\Temp\53C8.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\5436.tmp"C:\Users\Admin\AppData\Local\Temp\5436.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\54B3.tmp"C:\Users\Admin\AppData\Local\Temp\54B3.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\553F.tmp"C:\Users\Admin\AppData\Local\Temp\553F.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\55AD.tmp"C:\Users\Admin\AppData\Local\Temp\55AD.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\5639.tmp"C:\Users\Admin\AppData\Local\Temp\5639.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\56C6.tmp"C:\Users\Admin\AppData\Local\Temp\56C6.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\5752.tmp"C:\Users\Admin\AppData\Local\Temp\5752.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-