Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230824-en -
resource tags
-
submitted
25/08/2023, 15:37
General
-
Target
9bac1a547830c9f609e7c957288a0729_mafia_JC.exe
-
Size
486KB
-
MD5
9bac1a547830c9f609e7c957288a0729
-
SHA1
7f21a12e1c07fa1e7d26fb2675c4689090a698d3
-
SHA256
c74b72a26c5f1be91e19a0c9b717b2636284eceb847abc64f861ea5dde40db83
-
SHA512
94773029942b576094df9987f64dc43e691d327aebc2c898b85a897563472bf4063b6972adc8fc616609e317988bad401a26a110c0600a8e85b98b147df1c34a
-
SSDEEP
12288:UU5rCOTeiD2kj0sLXBc8jJ1T3DX97hbC6qLsF8VGBNZ:UUQOJD2kjTLXdX97QwF1N
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p1⤵
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\9bac1a547830c9f609e7c957288a0729_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\9bac1a547830c9f609e7c957288a0729_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\C841.tmp"C:\Users\Admin\AppData\Local\Temp\C841.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\C93B.tmp"C:\Users\Admin\AppData\Local\Temp\C93B.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\C9E7.tmp"C:\Users\Admin\AppData\Local\Temp\C9E7.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CA93.tmp"C:\Users\Admin\AppData\Local\Temp\CA93.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CB5E.tmp"C:\Users\Admin\AppData\Local\Temp\CB5E.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CC0A.tmp"C:\Users\Admin\AppData\Local\Temp\CC0A.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CD04.tmp"C:\Users\Admin\AppData\Local\Temp\CD04.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CDB0.tmp"C:\Users\Admin\AppData\Local\Temp\CDB0.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CE3D.tmp"C:\Users\Admin\AppData\Local\Temp\CE3D.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CF17.tmp"C:\Users\Admin\AppData\Local\Temp\CF17.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CFA4.tmp"C:\Users\Admin\AppData\Local\Temp\CFA4.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D06F.tmp"C:\Users\Admin\AppData\Local\Temp\D06F.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D10B.tmp"C:\Users\Admin\AppData\Local\Temp\D10B.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D188.tmp"C:\Users\Admin\AppData\Local\Temp\D188.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D215.tmp"C:\Users\Admin\AppData\Local\Temp\D215.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D2F0.tmp"C:\Users\Admin\AppData\Local\Temp\D2F0.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D35D.tmp"C:\Users\Admin\AppData\Local\Temp\D35D.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D428.tmp"C:\Users\Admin\AppData\Local\Temp\D428.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D503.tmp"C:\Users\Admin\AppData\Local\Temp\D503.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D5AF.tmp"C:\Users\Admin\AppData\Local\Temp\D5AF.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D61C.tmp"C:\Users\Admin\AppData\Local\Temp\D61C.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D6C8.tmp"C:\Users\Admin\AppData\Local\Temp\D6C8.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D7A3.tmp"C:\Users\Admin\AppData\Local\Temp\D7A3.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D89D.tmp"C:\Users\Admin\AppData\Local\Temp\D89D.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D939.tmp"C:\Users\Admin\AppData\Local\Temp\D939.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D9B6.tmp"C:\Users\Admin\AppData\Local\Temp\D9B6.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DA33.tmp"C:\Users\Admin\AppData\Local\Temp\DA33.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DAEF.tmp"C:\Users\Admin\AppData\Local\Temp\DAEF.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DB7B.tmp"C:\Users\Admin\AppData\Local\Temp\DB7B.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DC37.tmp"C:\Users\Admin\AppData\Local\Temp\DC37.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DCC3.tmp"C:\Users\Admin\AppData\Local\Temp\DCC3.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DD50.tmp"C:\Users\Admin\AppData\Local\Temp\DD50.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DDFC.tmp"C:\Users\Admin\AppData\Local\Temp\DDFC.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DE98.tmp"C:\Users\Admin\AppData\Local\Temp\DE98.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DF25.tmp"C:\Users\Admin\AppData\Local\Temp\DF25.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DFB1.tmp"C:\Users\Admin\AppData\Local\Temp\DFB1.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E05D.tmp"C:\Users\Admin\AppData\Local\Temp\E05D.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E109.tmp"C:\Users\Admin\AppData\Local\Temp\E109.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E1C5.tmp"C:\Users\Admin\AppData\Local\Temp\E1C5.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E290.tmp"C:\Users\Admin\AppData\Local\Temp\E290.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E30D.tmp"C:\Users\Admin\AppData\Local\Temp\E30D.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E3C8.tmp"C:\Users\Admin\AppData\Local\Temp\E3C8.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E465.tmp"C:\Users\Admin\AppData\Local\Temp\E465.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E4E2.tmp"C:\Users\Admin\AppData\Local\Temp\E4E2.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E57E.tmp"C:\Users\Admin\AppData\Local\Temp\E57E.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E668.tmp"C:\Users\Admin\AppData\Local\Temp\E668.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E753.tmp"C:\Users\Admin\AppData\Local\Temp\E753.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E8BA.tmp"C:\Users\Admin\AppData\Local\Temp\E8BA.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E956.tmp"C:\Users\Admin\AppData\Local\Temp\E956.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EA60.tmp"C:\Users\Admin\AppData\Local\Temp\EA60.tmp"51⤵
-
C:\Users\Admin\AppData\Local\Temp\EC15.tmp"C:\Users\Admin\AppData\Local\Temp\EC15.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\ECC1.tmp"C:\Users\Admin\AppData\Local\Temp\ECC1.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\ED5D.tmp"C:\Users\Admin\AppData\Local\Temp\ED5D.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EF32.tmp"C:\Users\Admin\AppData\Local\Temp\EF32.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EFBF.tmp"C:\Users\Admin\AppData\Local\Temp\EFBF.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F07A.tmp"C:\Users\Admin\AppData\Local\Temp\F07A.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F107.tmp"C:\Users\Admin\AppData\Local\Temp\F107.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F194.tmp"C:\Users\Admin\AppData\Local\Temp\F194.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F230.tmp"C:\Users\Admin\AppData\Local\Temp\F230.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F2DC.tmp"C:\Users\Admin\AppData\Local\Temp\F2DC.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F378.tmp"C:\Users\Admin\AppData\Local\Temp\F378.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F414.tmp"C:\Users\Admin\AppData\Local\Temp\F414.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F4A1.tmp"C:\Users\Admin\AppData\Local\Temp\F4A1.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F54D.tmp"C:\Users\Admin\AppData\Local\Temp\F54D.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F5D9.tmp"C:\Users\Admin\AppData\Local\Temp\F5D9.tmp"66⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F6B4.tmp"C:\Users\Admin\AppData\Local\Temp\F6B4.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\F750.tmp"C:\Users\Admin\AppData\Local\Temp\F750.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\F7CD.tmp"C:\Users\Admin\AppData\Local\Temp\F7CD.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\F879.tmp"C:\Users\Admin\AppData\Local\Temp\F879.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\F8E7.tmp"C:\Users\Admin\AppData\Local\Temp\F8E7.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\F964.tmp"C:\Users\Admin\AppData\Local\Temp\F964.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\FA00.tmp"C:\Users\Admin\AppData\Local\Temp\FA00.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\FABB.tmp"C:\Users\Admin\AppData\Local\Temp\FABB.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\FB38.tmp"C:\Users\Admin\AppData\Local\Temp\FB38.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\FBC5.tmp"C:\Users\Admin\AppData\Local\Temp\FBC5.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\FC52.tmp"C:\Users\Admin\AppData\Local\Temp\FC52.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\FCEE.tmp"C:\Users\Admin\AppData\Local\Temp\FCEE.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\FDA9.tmp"C:\Users\Admin\AppData\Local\Temp\FDA9.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\FE46.tmp"C:\Users\Admin\AppData\Local\Temp\FE46.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\FEB3.tmp"C:\Users\Admin\AppData\Local\Temp\FEB3.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\FF30.tmp"C:\Users\Admin\AppData\Local\Temp\FF30.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\FF9D.tmp"C:\Users\Admin\AppData\Local\Temp\FF9D.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\1A.tmp"C:\Users\Admin\AppData\Local\Temp\1A.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\88.tmp"C:\Users\Admin\AppData\Local\Temp\88.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\124.tmp"C:\Users\Admin\AppData\Local\Temp\124.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\1B1.tmp"C:\Users\Admin\AppData\Local\Temp\1B1.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\22E.tmp"C:\Users\Admin\AppData\Local\Temp\22E.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\29B.tmp"C:\Users\Admin\AppData\Local\Temp\29B.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\328.tmp"C:\Users\Admin\AppData\Local\Temp\328.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\3A5.tmp"C:\Users\Admin\AppData\Local\Temp\3A5.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\431.tmp"C:\Users\Admin\AppData\Local\Temp\431.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\49F.tmp"C:\Users\Admin\AppData\Local\Temp\49F.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\54A.tmp"C:\Users\Admin\AppData\Local\Temp\54A.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\5E7.tmp"C:\Users\Admin\AppData\Local\Temp\5E7.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\673.tmp"C:\Users\Admin\AppData\Local\Temp\673.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\700.tmp"C:\Users\Admin\AppData\Local\Temp\700.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\78D.tmp"C:\Users\Admin\AppData\Local\Temp\78D.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\819.tmp"C:\Users\Admin\AppData\Local\Temp\819.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\887.tmp"C:\Users\Admin\AppData\Local\Temp\887.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\904.tmp"C:\Users\Admin\AppData\Local\Temp\904.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\990.tmp"C:\Users\Admin\AppData\Local\Temp\990.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\A1D.tmp"C:\Users\Admin\AppData\Local\Temp\A1D.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\AB9.tmp"C:\Users\Admin\AppData\Local\Temp\AB9.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\B46.tmp"C:\Users\Admin\AppData\Local\Temp\B46.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\BF2.tmp"C:\Users\Admin\AppData\Local\Temp\BF2.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\C7E.tmp"C:\Users\Admin\AppData\Local\Temp\C7E.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\D0B.tmp"C:\Users\Admin\AppData\Local\Temp\D0B.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\DA7.tmp"C:\Users\Admin\AppData\Local\Temp\DA7.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\E43.tmp"C:\Users\Admin\AppData\Local\Temp\E43.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\ED0.tmp"C:\Users\Admin\AppData\Local\Temp\ED0.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\F3D.tmp"C:\Users\Admin\AppData\Local\Temp\F3D.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\FBA.tmp"C:\Users\Admin\AppData\Local\Temp\FBA.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\1066.tmp"C:\Users\Admin\AppData\Local\Temp\1066.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\10F3.tmp"C:\Users\Admin\AppData\Local\Temp\10F3.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\118F.tmp"C:\Users\Admin\AppData\Local\Temp\118F.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\11FC.tmp"C:\Users\Admin\AppData\Local\Temp\11FC.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\12F6.tmp"C:\Users\Admin\AppData\Local\Temp\12F6.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\1383.tmp"C:\Users\Admin\AppData\Local\Temp\1383.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\141F.tmp"C:\Users\Admin\AppData\Local\Temp\141F.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\149C.tmp"C:\Users\Admin\AppData\Local\Temp\149C.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-