Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
02/08/2023, 16:37
General
-
Target
394b254123aaf89ed9459744bb67fc37_mafia_JC.exe
-
Size
486KB
-
MD5
394b254123aaf89ed9459744bb67fc37
-
SHA1
4fa6fad6f88b5ed4f843a8ceab497df6885466e0
-
SHA256
73f5022479040ced3a59356cad4cd4b648c0680dcb60e238f874c4f04cd3e517
-
SHA512
149285762a50189f9c021fd8f8020a7f0edbce5084be6ba6da9bc842a40b4bcaff2ddf07295a43bb136b00b16d7561b24ac8bb5d3b6fba838c63e77e09c1809c
-
SSDEEP
6144:Sorf3lPvovsgZnqG2C7mOTeiLfD7yG73wv20vIIhR7JXiGbepmBIBJzUpSRLW0Ga:/U5rCOTeiDye3RATyGozB4SRLhNZ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\394b254123aaf89ed9459744bb67fc37_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\394b254123aaf89ed9459744bb67fc37_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\30BF.tmp"C:\Users\Admin\AppData\Local\Temp\30BF.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\35B1.tmp"C:\Users\Admin\AppData\Local\Temp\35B1.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\368C.tmp"C:\Users\Admin\AppData\Local\Temp\368C.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3786.tmp"C:\Users\Admin\AppData\Local\Temp\3786.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\388F.tmp"C:\Users\Admin\AppData\Local\Temp\388F.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\396A.tmp"C:\Users\Admin\AppData\Local\Temp\396A.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\39E7.tmp"C:\Users\Admin\AppData\Local\Temp\39E7.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3B2F.tmp"C:\Users\Admin\AppData\Local\Temp\3B2F.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3C29.tmp"C:\Users\Admin\AppData\Local\Temp\3C29.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3D33.tmp"C:\Users\Admin\AppData\Local\Temp\3D33.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3E1D.tmp"C:\Users\Admin\AppData\Local\Temp\3E1D.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3ED9.tmp"C:\Users\Admin\AppData\Local\Temp\3ED9.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3FC3.tmp"C:\Users\Admin\AppData\Local\Temp\3FC3.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\407F.tmp"C:\Users\Admin\AppData\Local\Temp\407F.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\412B.tmp"C:\Users\Admin\AppData\Local\Temp\412B.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\41E6.tmp"C:\Users\Admin\AppData\Local\Temp\41E6.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4282.tmp"C:\Users\Admin\AppData\Local\Temp\4282.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\432E.tmp"C:\Users\Admin\AppData\Local\Temp\432E.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4438.tmp"C:\Users\Admin\AppData\Local\Temp\4438.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4522.tmp"C:\Users\Admin\AppData\Local\Temp\4522.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\461C.tmp"C:\Users\Admin\AppData\Local\Temp\461C.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\484F.tmp"C:\Users\Admin\AppData\Local\Temp\484F.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4949.tmp"C:\Users\Admin\AppData\Local\Temp\4949.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4A23.tmp"C:\Users\Admin\AppData\Local\Temp\4A23.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4B3D.tmp"C:\Users\Admin\AppData\Local\Temp\4B3D.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4C46.tmp"C:\Users\Admin\AppData\Local\Temp\4C46.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4D6F.tmp"C:\Users\Admin\AppData\Local\Temp\4D6F.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4E69.tmp"C:\Users\Admin\AppData\Local\Temp\4E69.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4F63.tmp"C:\Users\Admin\AppData\Local\Temp\4F63.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\503E.tmp"C:\Users\Admin\AppData\Local\Temp\503E.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\50F9.tmp"C:\Users\Admin\AppData\Local\Temp\50F9.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\51B5.tmp"C:\Users\Admin\AppData\Local\Temp\51B5.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5242.tmp"C:\Users\Admin\AppData\Local\Temp\5242.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\52FD.tmp"C:\Users\Admin\AppData\Local\Temp\52FD.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\538A.tmp"C:\Users\Admin\AppData\Local\Temp\538A.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5436.tmp"C:\Users\Admin\AppData\Local\Temp\5436.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\54B3.tmp"C:\Users\Admin\AppData\Local\Temp\54B3.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\556E.tmp"C:\Users\Admin\AppData\Local\Temp\556E.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\561A.tmp"C:\Users\Admin\AppData\Local\Temp\561A.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\56B6.tmp"C:\Users\Admin\AppData\Local\Temp\56B6.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5762.tmp"C:\Users\Admin\AppData\Local\Temp\5762.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\57FE.tmp"C:\Users\Admin\AppData\Local\Temp\57FE.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\589B.tmp"C:\Users\Admin\AppData\Local\Temp\589B.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5946.tmp"C:\Users\Admin\AppData\Local\Temp\5946.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\59B4.tmp"C:\Users\Admin\AppData\Local\Temp\59B4.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5A40.tmp"C:\Users\Admin\AppData\Local\Temp\5A40.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5ACD.tmp"C:\Users\Admin\AppData\Local\Temp\5ACD.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B4A.tmp"C:\Users\Admin\AppData\Local\Temp\5B4A.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5BD7.tmp"C:\Users\Admin\AppData\Local\Temp\5BD7.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5CA2.tmp"C:\Users\Admin\AppData\Local\Temp\5CA2.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5D5D.tmp"C:\Users\Admin\AppData\Local\Temp\5D5D.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5DCB.tmp"C:\Users\Admin\AppData\Local\Temp\5DCB.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5E57.tmp"C:\Users\Admin\AppData\Local\Temp\5E57.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5EE4.tmp"C:\Users\Admin\AppData\Local\Temp\5EE4.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5F71.tmp"C:\Users\Admin\AppData\Local\Temp\5F71.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5FDE.tmp"C:\Users\Admin\AppData\Local\Temp\5FDE.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\605B.tmp"C:\Users\Admin\AppData\Local\Temp\605B.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\60E8.tmp"C:\Users\Admin\AppData\Local\Temp\60E8.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6155.tmp"C:\Users\Admin\AppData\Local\Temp\6155.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\61D2.tmp"C:\Users\Admin\AppData\Local\Temp\61D2.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\625F.tmp"C:\Users\Admin\AppData\Local\Temp\625F.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\62EB.tmp"C:\Users\Admin\AppData\Local\Temp\62EB.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6368.tmp"C:\Users\Admin\AppData\Local\Temp\6368.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6424.tmp"C:\Users\Admin\AppData\Local\Temp\6424.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\64A1.tmp"C:\Users\Admin\AppData\Local\Temp\64A1.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\651E.tmp"C:\Users\Admin\AppData\Local\Temp\651E.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\65BA.tmp"C:\Users\Admin\AppData\Local\Temp\65BA.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\6647.tmp"C:\Users\Admin\AppData\Local\Temp\6647.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\6702.tmp"C:\Users\Admin\AppData\Local\Temp\6702.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\678F.tmp"C:\Users\Admin\AppData\Local\Temp\678F.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\67FC.tmp"C:\Users\Admin\AppData\Local\Temp\67FC.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\6889.tmp"C:\Users\Admin\AppData\Local\Temp\6889.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\6992.tmp"C:\Users\Admin\AppData\Local\Temp\6992.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\6A0F.tmp"C:\Users\Admin\AppData\Local\Temp\6A0F.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\6A8C.tmp"C:\Users\Admin\AppData\Local\Temp\6A8C.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\6B19.tmp"C:\Users\Admin\AppData\Local\Temp\6B19.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\6BD4.tmp"C:\Users\Admin\AppData\Local\Temp\6BD4.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\6C42.tmp"C:\Users\Admin\AppData\Local\Temp\6C42.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\6CCE.tmp"C:\Users\Admin\AppData\Local\Temp\6CCE.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\6D5B.tmp"C:\Users\Admin\AppData\Local\Temp\6D5B.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\6DD8.tmp"C:\Users\Admin\AppData\Local\Temp\6DD8.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\6E74.tmp"C:\Users\Admin\AppData\Local\Temp\6E74.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\6EF1.tmp"C:\Users\Admin\AppData\Local\Temp\6EF1.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\6F5F.tmp"C:\Users\Admin\AppData\Local\Temp\6F5F.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\6FEB.tmp"C:\Users\Admin\AppData\Local\Temp\6FEB.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\7059.tmp"C:\Users\Admin\AppData\Local\Temp\7059.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\70C6.tmp"C:\Users\Admin\AppData\Local\Temp\70C6.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\7162.tmp"C:\Users\Admin\AppData\Local\Temp\7162.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\71FF.tmp"C:\Users\Admin\AppData\Local\Temp\71FF.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\728B.tmp"C:\Users\Admin\AppData\Local\Temp\728B.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\7308.tmp"C:\Users\Admin\AppData\Local\Temp\7308.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\7385.tmp"C:\Users\Admin\AppData\Local\Temp\7385.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\7421.tmp"C:\Users\Admin\AppData\Local\Temp\7421.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\74AE.tmp"C:\Users\Admin\AppData\Local\Temp\74AE.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\751B.tmp"C:\Users\Admin\AppData\Local\Temp\751B.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\7598.tmp"C:\Users\Admin\AppData\Local\Temp\7598.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\7683.tmp"C:\Users\Admin\AppData\Local\Temp\7683.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\76F0.tmp"C:\Users\Admin\AppData\Local\Temp\76F0.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\776D.tmp"C:\Users\Admin\AppData\Local\Temp\776D.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\77FA.tmp"C:\Users\Admin\AppData\Local\Temp\77FA.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\7896.tmp"C:\Users\Admin\AppData\Local\Temp\7896.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\7903.tmp"C:\Users\Admin\AppData\Local\Temp\7903.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\7971.tmp"C:\Users\Admin\AppData\Local\Temp\7971.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\79FD.tmp"C:\Users\Admin\AppData\Local\Temp\79FD.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\7A7A.tmp"C:\Users\Admin\AppData\Local\Temp\7A7A.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\7AE8.tmp"C:\Users\Admin\AppData\Local\Temp\7AE8.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\7B65.tmp"C:\Users\Admin\AppData\Local\Temp\7B65.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\7BF1.tmp"C:\Users\Admin\AppData\Local\Temp\7BF1.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\7C7E.tmp"C:\Users\Admin\AppData\Local\Temp\7C7E.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\7D0B.tmp"C:\Users\Admin\AppData\Local\Temp\7D0B.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\7D78.tmp"C:\Users\Admin\AppData\Local\Temp\7D78.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\7DE5.tmp"C:\Users\Admin\AppData\Local\Temp\7DE5.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\7E62.tmp"C:\Users\Admin\AppData\Local\Temp\7E62.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\7EDF.tmp"C:\Users\Admin\AppData\Local\Temp\7EDF.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\7F4D.tmp"C:\Users\Admin\AppData\Local\Temp\7F4D.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\7FBA.tmp"C:\Users\Admin\AppData\Local\Temp\7FBA.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\8056.tmp"C:\Users\Admin\AppData\Local\Temp\8056.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\80E3.tmp"C:\Users\Admin\AppData\Local\Temp\80E3.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\81BE.tmp"C:\Users\Admin\AppData\Local\Temp\81BE.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\8299.tmp"C:\Users\Admin\AppData\Local\Temp\8299.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-