Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09/05/2024, 22:09
General
-
Target
2024-05-09_b70261f09c46c01ffee79d1cf7c5dfa3_mafia.exe
-
Size
486KB
-
MD5
b70261f09c46c01ffee79d1cf7c5dfa3
-
SHA1
70cf427c9b5be999734798241a0cd8385dbccd8f
-
SHA256
2c25da98eee73f898a32b0cae974fc69210634341b3f85b266fb0c88ca7017b9
-
SHA512
e910b37205f624be144bbc75d99da722e8006aca27ec8a5904a32d022f28fc56dbd3143cb6c1ee43754de36b98a83457a37f6cfe08c7d183d6626c729685c758
-
SSDEEP
12288:/U5rCOTeiDd7uP5ANvdltP65UnBg6tPZNZ:/UQOJDd7Y8vPBOwg6hZN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-09_b70261f09c46c01ffee79d1cf7c5dfa3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-09_b70261f09c46c01ffee79d1cf7c5dfa3_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2839.tmp"C:\Users\Admin\AppData\Local\Temp\2839.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2887.tmp"C:\Users\Admin\AppData\Local\Temp\2887.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\28D5.tmp"C:\Users\Admin\AppData\Local\Temp\28D5.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2933.tmp"C:\Users\Admin\AppData\Local\Temp\2933.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2990.tmp"C:\Users\Admin\AppData\Local\Temp\2990.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\29DF.tmp"C:\Users\Admin\AppData\Local\Temp\29DF.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2A3C.tmp"C:\Users\Admin\AppData\Local\Temp\2A3C.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2A8A.tmp"C:\Users\Admin\AppData\Local\Temp\2A8A.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2AE8.tmp"C:\Users\Admin\AppData\Local\Temp\2AE8.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2B46.tmp"C:\Users\Admin\AppData\Local\Temp\2B46.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2B94.tmp"C:\Users\Admin\AppData\Local\Temp\2B94.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2BE2.tmp"C:\Users\Admin\AppData\Local\Temp\2BE2.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2C30.tmp"C:\Users\Admin\AppData\Local\Temp\2C30.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2E15.tmp"C:\Users\Admin\AppData\Local\Temp\2E15.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2E63.tmp"C:\Users\Admin\AppData\Local\Temp\2E63.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2EC1.tmp"C:\Users\Admin\AppData\Local\Temp\2EC1.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2F0F.tmp"C:\Users\Admin\AppData\Local\Temp\2F0F.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2F5D.tmp"C:\Users\Admin\AppData\Local\Temp\2F5D.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2FAB.tmp"C:\Users\Admin\AppData\Local\Temp\2FAB.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3009.tmp"C:\Users\Admin\AppData\Local\Temp\3009.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3057.tmp"C:\Users\Admin\AppData\Local\Temp\3057.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\30A5.tmp"C:\Users\Admin\AppData\Local\Temp\30A5.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\30F3.tmp"C:\Users\Admin\AppData\Local\Temp\30F3.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3151.tmp"C:\Users\Admin\AppData\Local\Temp\3151.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\319F.tmp"C:\Users\Admin\AppData\Local\Temp\319F.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\31FD.tmp"C:\Users\Admin\AppData\Local\Temp\31FD.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\324B.tmp"C:\Users\Admin\AppData\Local\Temp\324B.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3299.tmp"C:\Users\Admin\AppData\Local\Temp\3299.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\32E7.tmp"C:\Users\Admin\AppData\Local\Temp\32E7.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3335.tmp"C:\Users\Admin\AppData\Local\Temp\3335.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\33A3.tmp"C:\Users\Admin\AppData\Local\Temp\33A3.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\33F1.tmp"C:\Users\Admin\AppData\Local\Temp\33F1.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\345E.tmp"C:\Users\Admin\AppData\Local\Temp\345E.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\34AC.tmp"C:\Users\Admin\AppData\Local\Temp\34AC.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\34FA.tmp"C:\Users\Admin\AppData\Local\Temp\34FA.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3548.tmp"C:\Users\Admin\AppData\Local\Temp\3548.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3597.tmp"C:\Users\Admin\AppData\Local\Temp\3597.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\35E5.tmp"C:\Users\Admin\AppData\Local\Temp\35E5.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3633.tmp"C:\Users\Admin\AppData\Local\Temp\3633.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3681.tmp"C:\Users\Admin\AppData\Local\Temp\3681.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\36EE.tmp"C:\Users\Admin\AppData\Local\Temp\36EE.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\373C.tmp"C:\Users\Admin\AppData\Local\Temp\373C.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\378B.tmp"C:\Users\Admin\AppData\Local\Temp\378B.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\37D9.tmp"C:\Users\Admin\AppData\Local\Temp\37D9.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3827.tmp"C:\Users\Admin\AppData\Local\Temp\3827.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3875.tmp"C:\Users\Admin\AppData\Local\Temp\3875.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\38C3.tmp"C:\Users\Admin\AppData\Local\Temp\38C3.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3911.tmp"C:\Users\Admin\AppData\Local\Temp\3911.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\395F.tmp"C:\Users\Admin\AppData\Local\Temp\395F.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\39AD.tmp"C:\Users\Admin\AppData\Local\Temp\39AD.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\39FC.tmp"C:\Users\Admin\AppData\Local\Temp\39FC.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3A4A.tmp"C:\Users\Admin\AppData\Local\Temp\3A4A.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3A98.tmp"C:\Users\Admin\AppData\Local\Temp\3A98.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3AE6.tmp"C:\Users\Admin\AppData\Local\Temp\3AE6.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3B34.tmp"C:\Users\Admin\AppData\Local\Temp\3B34.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3B82.tmp"C:\Users\Admin\AppData\Local\Temp\3B82.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3BD0.tmp"C:\Users\Admin\AppData\Local\Temp\3BD0.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3C2E.tmp"C:\Users\Admin\AppData\Local\Temp\3C2E.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3C7C.tmp"C:\Users\Admin\AppData\Local\Temp\3C7C.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3CDA.tmp"C:\Users\Admin\AppData\Local\Temp\3CDA.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3D38.tmp"C:\Users\Admin\AppData\Local\Temp\3D38.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3D95.tmp"C:\Users\Admin\AppData\Local\Temp\3D95.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3E22.tmp"C:\Users\Admin\AppData\Local\Temp\3E22.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3E9F.tmp"C:\Users\Admin\AppData\Local\Temp\3E9F.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3F1C.tmp"C:\Users\Admin\AppData\Local\Temp\3F1C.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\3FA9.tmp"C:\Users\Admin\AppData\Local\Temp\3FA9.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\4035.tmp"C:\Users\Admin\AppData\Local\Temp\4035.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\40B2.tmp"C:\Users\Admin\AppData\Local\Temp\40B2.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\412F.tmp"C:\Users\Admin\AppData\Local\Temp\412F.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\41AC.tmp"C:\Users\Admin\AppData\Local\Temp\41AC.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\421A.tmp"C:\Users\Admin\AppData\Local\Temp\421A.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\4287.tmp"C:\Users\Admin\AppData\Local\Temp\4287.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\4304.tmp"C:\Users\Admin\AppData\Local\Temp\4304.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\43A0.tmp"C:\Users\Admin\AppData\Local\Temp\43A0.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\43EE.tmp"C:\Users\Admin\AppData\Local\Temp\43EE.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\444C.tmp"C:\Users\Admin\AppData\Local\Temp\444C.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\449A.tmp"C:\Users\Admin\AppData\Local\Temp\449A.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\44E8.tmp"C:\Users\Admin\AppData\Local\Temp\44E8.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\4537.tmp"C:\Users\Admin\AppData\Local\Temp\4537.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\4585.tmp"C:\Users\Admin\AppData\Local\Temp\4585.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\45E2.tmp"C:\Users\Admin\AppData\Local\Temp\45E2.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\4631.tmp"C:\Users\Admin\AppData\Local\Temp\4631.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\468E.tmp"C:\Users\Admin\AppData\Local\Temp\468E.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\46DC.tmp"C:\Users\Admin\AppData\Local\Temp\46DC.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\473A.tmp"C:\Users\Admin\AppData\Local\Temp\473A.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\4788.tmp"C:\Users\Admin\AppData\Local\Temp\4788.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\47D6.tmp"C:\Users\Admin\AppData\Local\Temp\47D6.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\4825.tmp"C:\Users\Admin\AppData\Local\Temp\4825.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\4873.tmp"C:\Users\Admin\AppData\Local\Temp\4873.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\48C1.tmp"C:\Users\Admin\AppData\Local\Temp\48C1.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\490F.tmp"C:\Users\Admin\AppData\Local\Temp\490F.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\496D.tmp"C:\Users\Admin\AppData\Local\Temp\496D.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\49BB.tmp"C:\Users\Admin\AppData\Local\Temp\49BB.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\4A09.tmp"C:\Users\Admin\AppData\Local\Temp\4A09.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\4A57.tmp"C:\Users\Admin\AppData\Local\Temp\4A57.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\4AA5.tmp"C:\Users\Admin\AppData\Local\Temp\4AA5.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\4B03.tmp"C:\Users\Admin\AppData\Local\Temp\4B03.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\4B51.tmp"C:\Users\Admin\AppData\Local\Temp\4B51.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\4B9F.tmp"C:\Users\Admin\AppData\Local\Temp\4B9F.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\4BFD.tmp"C:\Users\Admin\AppData\Local\Temp\4BFD.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\4C5B.tmp"C:\Users\Admin\AppData\Local\Temp\4C5B.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\4CA9.tmp"C:\Users\Admin\AppData\Local\Temp\4CA9.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\4CF7.tmp"C:\Users\Admin\AppData\Local\Temp\4CF7.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\4D55.tmp"C:\Users\Admin\AppData\Local\Temp\4D55.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\4DB2.tmp"C:\Users\Admin\AppData\Local\Temp\4DB2.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\4E10.tmp"C:\Users\Admin\AppData\Local\Temp\4E10.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\4E6E.tmp"C:\Users\Admin\AppData\Local\Temp\4E6E.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\4ECC.tmp"C:\Users\Admin\AppData\Local\Temp\4ECC.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\4F1A.tmp"C:\Users\Admin\AppData\Local\Temp\4F1A.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\4F68.tmp"C:\Users\Admin\AppData\Local\Temp\4F68.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\4FB6.tmp"C:\Users\Admin\AppData\Local\Temp\4FB6.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\5004.tmp"C:\Users\Admin\AppData\Local\Temp\5004.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\5052.tmp"C:\Users\Admin\AppData\Local\Temp\5052.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\50B0.tmp"C:\Users\Admin\AppData\Local\Temp\50B0.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\50FE.tmp"C:\Users\Admin\AppData\Local\Temp\50FE.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\514C.tmp"C:\Users\Admin\AppData\Local\Temp\514C.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\51AA.tmp"C:\Users\Admin\AppData\Local\Temp\51AA.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\5217.tmp"C:\Users\Admin\AppData\Local\Temp\5217.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\5266.tmp"C:\Users\Admin\AppData\Local\Temp\5266.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\52B4.tmp"C:\Users\Admin\AppData\Local\Temp\52B4.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-