Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20230831-en -
resource tags
-
submitted
03/09/2023, 14:54
General
-
Target
2023-08-22_ff2ead7aa0a5ae23e9d4ebe1257769e0_mafia_JC.exe
-
Size
520KB
-
MD5
ff2ead7aa0a5ae23e9d4ebe1257769e0
-
SHA1
c41a082c37d1d2a31e7bec6e744c8a0dae037ecd
-
SHA256
40c3105be7d7cd75e4c0a65fbc11dde66f9c8bd536484dec05921075862242fb
-
SHA512
4a99518a444d2a815e5262f6c109e31659072d688baea2054bdc11f56512509202ed8bb2b27e1d76a357df8aea9fe5445f95130d79272ca4168929e10676cb48
-
SSDEEP
6144:Aj/hrXj2PAEh5ACnPu07aWiHrPESDQEdydICItdnUerQy7WHsH3dZ:YcRnG07aWijEWXdydIwSPRNZ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-22_ff2ead7aa0a5ae23e9d4ebe1257769e0_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-22_ff2ead7aa0a5ae23e9d4ebe1257769e0_mafia_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DB1E.tmp"C:\Users\Admin\AppData\Local\Temp\DB1E.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DF92.tmp"C:\Users\Admin\AppData\Local\Temp\DF92.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E08C.tmp"C:\Users\Admin\AppData\Local\Temp\E08C.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E138.tmp"C:\Users\Admin\AppData\Local\Temp\E138.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E1E4.tmp"C:\Users\Admin\AppData\Local\Temp\E1E4.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E280.tmp"C:\Users\Admin\AppData\Local\Temp\E280.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E32C.tmp"C:\Users\Admin\AppData\Local\Temp\E32C.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E3E8.tmp"C:\Users\Admin\AppData\Local\Temp\E3E8.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E985.tmp"C:\Users\Admin\AppData\Local\Temp\E985.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EA9E.tmp"C:\Users\Admin\AppData\Local\Temp\EA9E.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EC15.tmp"C:\Users\Admin\AppData\Local\Temp\EC15.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ECE0.tmp"C:\Users\Admin\AppData\Local\Temp\ECE0.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EE38.tmp"C:\Users\Admin\AppData\Local\Temp\EE38.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EED4.tmp"C:\Users\Admin\AppData\Local\Temp\EED4.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EFA0.tmp"C:\Users\Admin\AppData\Local\Temp\EFA0.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F0C8.tmp"C:\Users\Admin\AppData\Local\Temp\F0C8.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F174.tmp"C:\Users\Admin\AppData\Local\Temp\F174.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F339.tmp"C:\Users\Admin\AppData\Local\Temp\F339.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F57C.tmp"C:\Users\Admin\AppData\Local\Temp\F57C.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F656.tmp"C:\Users\Admin\AppData\Local\Temp\F656.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F741.tmp"C:\Users\Admin\AppData\Local\Temp\F741.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F7ED.tmp"C:\Users\Admin\AppData\Local\Temp\F7ED.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F86A.tmp"C:\Users\Admin\AppData\Local\Temp\F86A.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F944.tmp"C:\Users\Admin\AppData\Local\Temp\F944.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FA00.tmp"C:\Users\Admin\AppData\Local\Temp\FA00.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FB38.tmp"C:\Users\Admin\AppData\Local\Temp\FB38.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FD9A.tmp"C:\Users\Admin\AppData\Local\Temp\FD9A.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FE36.tmp"C:\Users\Admin\AppData\Local\Temp\FE36.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FEF1.tmp"C:\Users\Admin\AppData\Local\Temp\FEF1.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FFBD.tmp"C:\Users\Admin\AppData\Local\Temp\FFBD.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\68.tmp"C:\Users\Admin\AppData\Local\Temp\68.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\124.tmp"C:\Users\Admin\AppData\Local\Temp\124.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\347.tmp"C:\Users\Admin\AppData\Local\Temp\347.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3D3.tmp"C:\Users\Admin\AppData\Local\Temp\3D3.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\460.tmp"C:\Users\Admin\AppData\Local\Temp\460.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\644.tmp"C:\Users\Admin\AppData\Local\Temp\644.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6A2.tmp"C:\Users\Admin\AppData\Local\Temp\6A2.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\71F.tmp"C:\Users\Admin\AppData\Local\Temp\71F.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7EA.tmp"C:\Users\Admin\AppData\Local\Temp\7EA.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\867.tmp"C:\Users\Admin\AppData\Local\Temp\867.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8D5.tmp"C:\Users\Admin\AppData\Local\Temp\8D5.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9DE.tmp"C:\Users\Admin\AppData\Local\Temp\9DE.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AD8.tmp"C:\Users\Admin\AppData\Local\Temp\AD8.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\B65.tmp"C:\Users\Admin\AppData\Local\Temp\B65.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\C20.tmp"C:\Users\Admin\AppData\Local\Temp\C20.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\C7E.tmp"C:\Users\Admin\AppData\Local\Temp\C7E.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\CEC.tmp"C:\Users\Admin\AppData\Local\Temp\CEC.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D88.tmp"C:\Users\Admin\AppData\Local\Temp\D88.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EC0.tmp"C:\Users\Admin\AppData\Local\Temp\EC0.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F2E.tmp"C:\Users\Admin\AppData\Local\Temp\F2E.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FDA.tmp"C:\Users\Admin\AppData\Local\Temp\FDA.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1037.tmp"C:\Users\Admin\AppData\Local\Temp\1037.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\10C4.tmp"C:\Users\Admin\AppData\Local\Temp\10C4.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1122.tmp"C:\Users\Admin\AppData\Local\Temp\1122.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\11ED.tmp"C:\Users\Admin\AppData\Local\Temp\11ED.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\126A.tmp"C:\Users\Admin\AppData\Local\Temp\126A.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\12D7.tmp"C:\Users\Admin\AppData\Local\Temp\12D7.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\13A2.tmp"C:\Users\Admin\AppData\Local\Temp\13A2.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\141F.tmp"C:\Users\Admin\AppData\Local\Temp\141F.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\149C.tmp"C:\Users\Admin\AppData\Local\Temp\149C.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1558.tmp"C:\Users\Admin\AppData\Local\Temp\1558.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\171D.tmp"C:\Users\Admin\AppData\Local\Temp\171D.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\179A.tmp"C:\Users\Admin\AppData\Local\Temp\179A.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1836.tmp"C:\Users\Admin\AppData\Local\Temp\1836.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\18B3.tmp"C:\Users\Admin\AppData\Local\Temp\18B3.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\1940.tmp"C:\Users\Admin\AppData\Local\Temp\1940.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\19AD.tmp"C:\Users\Admin\AppData\Local\Temp\19AD.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\1A49.tmp"C:\Users\Admin\AppData\Local\Temp\1A49.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\1AC6.tmp"C:\Users\Admin\AppData\Local\Temp\1AC6.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\1B63.tmp"C:\Users\Admin\AppData\Local\Temp\1B63.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\1C0F.tmp"C:\Users\Admin\AppData\Local\Temp\1C0F.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\1C7C.tmp"C:\Users\Admin\AppData\Local\Temp\1C7C.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\1CDA.tmp"C:\Users\Admin\AppData\Local\Temp\1CDA.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\1E51.tmp"C:\Users\Admin\AppData\Local\Temp\1E51.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\1EBE.tmp"C:\Users\Admin\AppData\Local\Temp\1EBE.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\1F3B.tmp"C:\Users\Admin\AppData\Local\Temp\1F3B.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\1F99.tmp"C:\Users\Admin\AppData\Local\Temp\1F99.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2035.tmp"C:\Users\Admin\AppData\Local\Temp\2035.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\20D1.tmp"C:\Users\Admin\AppData\Local\Temp\20D1.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\213F.tmp"C:\Users\Admin\AppData\Local\Temp\213F.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\23B0.tmp"C:\Users\Admin\AppData\Local\Temp\23B0.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\242D.tmp"C:\Users\Admin\AppData\Local\Temp\242D.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\24AA.tmp"C:\Users\Admin\AppData\Local\Temp\24AA.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\25B3.tmp"C:\Users\Admin\AppData\Local\Temp\25B3.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\2630.tmp"C:\Users\Admin\AppData\Local\Temp\2630.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\26AD.tmp"C:\Users\Admin\AppData\Local\Temp\26AD.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\272A.tmp"C:\Users\Admin\AppData\Local\Temp\272A.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\27C7.tmp"C:\Users\Admin\AppData\Local\Temp\27C7.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\2863.tmp"C:\Users\Admin\AppData\Local\Temp\2863.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\292E.tmp"C:\Users\Admin\AppData\Local\Temp\292E.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\29BB.tmp"C:\Users\Admin\AppData\Local\Temp\29BB.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2A18.tmp"C:\Users\Admin\AppData\Local\Temp\2A18.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\2AE3.tmp"C:\Users\Admin\AppData\Local\Temp\2AE3.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2B70.tmp"C:\Users\Admin\AppData\Local\Temp\2B70.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\2BFD.tmp"C:\Users\Admin\AppData\Local\Temp\2BFD.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2E00.tmp"C:\Users\Admin\AppData\Local\Temp\2E00.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\2E7D.tmp"C:\Users\Admin\AppData\Local\Temp\2E7D.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2EEB.tmp"C:\Users\Admin\AppData\Local\Temp\2EEB.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\2F58.tmp"C:\Users\Admin\AppData\Local\Temp\2F58.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\3033.tmp"C:\Users\Admin\AppData\Local\Temp\3033.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\30CF.tmp"C:\Users\Admin\AppData\Local\Temp\30CF.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\319A.tmp"C:\Users\Admin\AppData\Local\Temp\319A.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\3256.tmp"C:\Users\Admin\AppData\Local\Temp\3256.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\32C3.tmp"C:\Users\Admin\AppData\Local\Temp\32C3.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\3330.tmp"C:\Users\Admin\AppData\Local\Temp\3330.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\33BD.tmp"C:\Users\Admin\AppData\Local\Temp\33BD.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\34D6.tmp"C:\Users\Admin\AppData\Local\Temp\34D6.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\365D.tmp"C:\Users\Admin\AppData\Local\Temp\365D.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\36CA.tmp"C:\Users\Admin\AppData\Local\Temp\36CA.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\3738.tmp"C:\Users\Admin\AppData\Local\Temp\3738.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\37F3.tmp"C:\Users\Admin\AppData\Local\Temp\37F3.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\3861.tmp"C:\Users\Admin\AppData\Local\Temp\3861.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\38CE.tmp"C:\Users\Admin\AppData\Local\Temp\38CE.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\3989.tmp"C:\Users\Admin\AppData\Local\Temp\3989.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\3A45.tmp"C:\Users\Admin\AppData\Local\Temp\3A45.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\3AC2.tmp"C:\Users\Admin\AppData\Local\Temp\3AC2.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\3B3F.tmp"C:\Users\Admin\AppData\Local\Temp\3B3F.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\3BCC.tmp"C:\Users\Admin\AppData\Local\Temp\3BCC.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\3C49.tmp"C:\Users\Admin\AppData\Local\Temp\3C49.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\3CF4.tmp"C:\Users\Admin\AppData\Local\Temp\3CF4.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-