Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
20/08/2023, 11:58
General
-
Target
5620bb69f7dc9525097c959908429a82_mafia_JC.exe
-
Size
486KB
-
MD5
5620bb69f7dc9525097c959908429a82
-
SHA1
f7344411bf55afe0c3bc0cece89802a5b6c8fef8
-
SHA256
adeb20ec2cb91ac6acb1d7420adc46f013a54d5ccd0770110b9f995ff9402f8c
-
SHA512
76d7dafe759eb0eef1f157593a0a78316c893f729928f527aa5beddc5b55b79799aee64d9562b1b0235bda6fca7923cf012f4f8ebf30133697ec9ec9343f0a47
-
SSDEEP
12288:/U5rCOTeiDe2ANupgUbRWaD/lhH/7gXzhaQcaaVPNZ:/UQOJDePmgUVLD/LH/7gXAOCN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5620bb69f7dc9525097c959908429a82_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\5620bb69f7dc9525097c959908429a82_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\68CC.tmp"C:\Users\Admin\AppData\Local\Temp\68CC.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6968.tmp"C:\Users\Admin\AppData\Local\Temp\6968.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6A24.tmp"C:\Users\Admin\AppData\Local\Temp\6A24.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6B0E.tmp"C:\Users\Admin\AppData\Local\Temp\6B0E.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6BD9.tmp"C:\Users\Admin\AppData\Local\Temp\6BD9.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6C95.tmp"C:\Users\Admin\AppData\Local\Temp\6C95.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6D41.tmp"C:\Users\Admin\AppData\Local\Temp\6D41.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6E1B.tmp"C:\Users\Admin\AppData\Local\Temp\6E1B.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6ED7.tmp"C:\Users\Admin\AppData\Local\Temp\6ED7.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6FC1.tmp"C:\Users\Admin\AppData\Local\Temp\6FC1.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\707D.tmp"C:\Users\Admin\AppData\Local\Temp\707D.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7129.tmp"C:\Users\Admin\AppData\Local\Temp\7129.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7232.tmp"C:\Users\Admin\AppData\Local\Temp\7232.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\72EE.tmp"C:\Users\Admin\AppData\Local\Temp\72EE.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\739A.tmp"C:\Users\Admin\AppData\Local\Temp\739A.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7426.tmp"C:\Users\Admin\AppData\Local\Temp\7426.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\74D2.tmp"C:\Users\Admin\AppData\Local\Temp\74D2.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\75CC.tmp"C:\Users\Admin\AppData\Local\Temp\75CC.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7668.tmp"C:\Users\Admin\AppData\Local\Temp\7668.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\76F5.tmp"C:\Users\Admin\AppData\Local\Temp\76F5.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7782.tmp"C:\Users\Admin\AppData\Local\Temp\7782.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\783D.tmp"C:\Users\Admin\AppData\Local\Temp\783D.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7908.tmp"C:\Users\Admin\AppData\Local\Temp\7908.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7985.tmp"C:\Users\Admin\AppData\Local\Temp\7985.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7A12.tmp"C:\Users\Admin\AppData\Local\Temp\7A12.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7ABE.tmp"C:\Users\Admin\AppData\Local\Temp\7ABE.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7B6A.tmp"C:\Users\Admin\AppData\Local\Temp\7B6A.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7C25.tmp"C:\Users\Admin\AppData\Local\Temp\7C25.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7C92.tmp"C:\Users\Admin\AppData\Local\Temp\7C92.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7D9C.tmp"C:\Users\Admin\AppData\Local\Temp\7D9C.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7E48.tmp"C:\Users\Admin\AppData\Local\Temp\7E48.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7F32.tmp"C:\Users\Admin\AppData\Local\Temp\7F32.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7FCF.tmp"C:\Users\Admin\AppData\Local\Temp\7FCF.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\806B.tmp"C:\Users\Admin\AppData\Local\Temp\806B.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\80F7.tmp"C:\Users\Admin\AppData\Local\Temp\80F7.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\81B3.tmp"C:\Users\Admin\AppData\Local\Temp\81B3.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\829D.tmp"C:\Users\Admin\AppData\Local\Temp\829D.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8359.tmp"C:\Users\Admin\AppData\Local\Temp\8359.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\83C6.tmp"C:\Users\Admin\AppData\Local\Temp\83C6.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8453.tmp"C:\Users\Admin\AppData\Local\Temp\8453.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\84D0.tmp"C:\Users\Admin\AppData\Local\Temp\84D0.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\855C.tmp"C:\Users\Admin\AppData\Local\Temp\855C.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\85E9.tmp"C:\Users\Admin\AppData\Local\Temp\85E9.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8695.tmp"C:\Users\Admin\AppData\Local\Temp\8695.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8760.tmp"C:\Users\Admin\AppData\Local\Temp\8760.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\881C.tmp"C:\Users\Admin\AppData\Local\Temp\881C.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\88A8.tmp"C:\Users\Admin\AppData\Local\Temp\88A8.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8944.tmp"C:\Users\Admin\AppData\Local\Temp\8944.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\89E1.tmp"C:\Users\Admin\AppData\Local\Temp\89E1.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8A9C.tmp"C:\Users\Admin\AppData\Local\Temp\8A9C.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8B48.tmp"C:\Users\Admin\AppData\Local\Temp\8B48.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8BD5.tmp"C:\Users\Admin\AppData\Local\Temp\8BD5.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8C61.tmp"C:\Users\Admin\AppData\Local\Temp\8C61.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8D0D.tmp"C:\Users\Admin\AppData\Local\Temp\8D0D.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8D9A.tmp"C:\Users\Admin\AppData\Local\Temp\8D9A.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8E46.tmp"C:\Users\Admin\AppData\Local\Temp\8E46.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8ED2.tmp"C:\Users\Admin\AppData\Local\Temp\8ED2.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8F6F.tmp"C:\Users\Admin\AppData\Local\Temp\8F6F.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\901A.tmp"C:\Users\Admin\AppData\Local\Temp\901A.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\90A7.tmp"C:\Users\Admin\AppData\Local\Temp\90A7.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9114.tmp"C:\Users\Admin\AppData\Local\Temp\9114.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\91A1.tmp"C:\Users\Admin\AppData\Local\Temp\91A1.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\920E.tmp"C:\Users\Admin\AppData\Local\Temp\920E.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\928B.tmp"C:\Users\Admin\AppData\Local\Temp\928B.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\92F9.tmp"C:\Users\Admin\AppData\Local\Temp\92F9.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\9366.tmp"C:\Users\Admin\AppData\Local\Temp\9366.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\9402.tmp"C:\Users\Admin\AppData\Local\Temp\9402.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\9460.tmp"C:\Users\Admin\AppData\Local\Temp\9460.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\94DD.tmp"C:\Users\Admin\AppData\Local\Temp\94DD.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\956A.tmp"C:\Users\Admin\AppData\Local\Temp\956A.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\9606.tmp"C:\Users\Admin\AppData\Local\Temp\9606.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\9683.tmp"C:\Users\Admin\AppData\Local\Temp\9683.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\9710.tmp"C:\Users\Admin\AppData\Local\Temp\9710.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\977D.tmp"C:\Users\Admin\AppData\Local\Temp\977D.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\97EA.tmp"C:\Users\Admin\AppData\Local\Temp\97EA.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\98F4.tmp"C:\Users\Admin\AppData\Local\Temp\98F4.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\9981.tmp"C:\Users\Admin\AppData\Local\Temp\9981.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\9A1D.tmp"C:\Users\Admin\AppData\Local\Temp\9A1D.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\9A9A.tmp"C:\Users\Admin\AppData\Local\Temp\9A9A.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\9B46.tmp"C:\Users\Admin\AppData\Local\Temp\9B46.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\9BE2.tmp"C:\Users\Admin\AppData\Local\Temp\9BE2.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\9C5F.tmp"C:\Users\Admin\AppData\Local\Temp\9C5F.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\9CCC.tmp"C:\Users\Admin\AppData\Local\Temp\9CCC.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\9D49.tmp"C:\Users\Admin\AppData\Local\Temp\9D49.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\9DC6.tmp"C:\Users\Admin\AppData\Local\Temp\9DC6.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\9E24.tmp"C:\Users\Admin\AppData\Local\Temp\9E24.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\9E82.tmp"C:\Users\Admin\AppData\Local\Temp\9E82.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\9F1E.tmp"C:\Users\Admin\AppData\Local\Temp\9F1E.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\9FAB.tmp"C:\Users\Admin\AppData\Local\Temp\9FAB.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\A018.tmp"C:\Users\Admin\AppData\Local\Temp\A018.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\A095.tmp"C:\Users\Admin\AppData\Local\Temp\A095.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\A122.tmp"C:\Users\Admin\AppData\Local\Temp\A122.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\A1BE.tmp"C:\Users\Admin\AppData\Local\Temp\A1BE.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\A25A.tmp"C:\Users\Admin\AppData\Local\Temp\A25A.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\A2E7.tmp"C:\Users\Admin\AppData\Local\Temp\A2E7.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\A383.tmp"C:\Users\Admin\AppData\Local\Temp\A383.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\A400.tmp"C:\Users\Admin\AppData\Local\Temp\A400.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\A48D.tmp"C:\Users\Admin\AppData\Local\Temp\A48D.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\A548.tmp"C:\Users\Admin\AppData\Local\Temp\A548.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\A5C5.tmp"C:\Users\Admin\AppData\Local\Temp\A5C5.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\A652.tmp"C:\Users\Admin\AppData\Local\Temp\A652.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\A6DF.tmp"C:\Users\Admin\AppData\Local\Temp\A6DF.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\A74C.tmp"C:\Users\Admin\AppData\Local\Temp\A74C.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\A7C9.tmp"C:\Users\Admin\AppData\Local\Temp\A7C9.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\A865.tmp"C:\Users\Admin\AppData\Local\Temp\A865.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\A8E2.tmp"C:\Users\Admin\AppData\Local\Temp\A8E2.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\A99E.tmp"C:\Users\Admin\AppData\Local\Temp\A99E.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\AA4A.tmp"C:\Users\Admin\AppData\Local\Temp\AA4A.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\AAF5.tmp"C:\Users\Admin\AppData\Local\Temp\AAF5.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\AB72.tmp"C:\Users\Admin\AppData\Local\Temp\AB72.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\AC1E.tmp"C:\Users\Admin\AppData\Local\Temp\AC1E.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\ACCA.tmp"C:\Users\Admin\AppData\Local\Temp\ACCA.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\AD38.tmp"C:\Users\Admin\AppData\Local\Temp\AD38.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\ADC4.tmp"C:\Users\Admin\AppData\Local\Temp\ADC4.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\AE51.tmp"C:\Users\Admin\AppData\Local\Temp\AE51.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\AEFD.tmp"C:\Users\Admin\AppData\Local\Temp\AEFD.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\AF6A.tmp"C:\Users\Admin\AppData\Local\Temp\AF6A.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\AFE7.tmp"C:\Users\Admin\AppData\Local\Temp\AFE7.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\B083.tmp"C:\Users\Admin\AppData\Local\Temp\B083.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\B0E1.tmp"C:\Users\Admin\AppData\Local\Temp\B0E1.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-