Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
05/01/2024, 05:42
General
-
Target
2024-01-01_4b329bbe869beabfb592f3a8c8dd3390_mafia.exe
-
Size
433KB
-
MD5
4b329bbe869beabfb592f3a8c8dd3390
-
SHA1
74fce144ad8d9691f1da9e5654184ea5d8013390
-
SHA256
66ccd0f16e66fb6fa109d091546fe1ed2396c061c778fb2d1f00423520e07a0a
-
SHA512
42fa0ed30ade0d41f437ae788f38f0f9879e5ee62a9f22b58d2c3e0cf12a7eba80651d579f225a5713871ff51b618f2123a7ac921731d5b7bec4603e985c1b7b
-
SSDEEP
6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvMGgj21/gMgUtDNW56/x9XlIpCy3GICDQNwp:Ci4g+yU+0pAiv++Ggj9Zg59X0/2NDXRn
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-01_4b329bbe869beabfb592f3a8c8dd3390_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-01_4b329bbe869beabfb592f3a8c8dd3390_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8A84.tmp"C:\Users\Admin\AppData\Local\Temp\8A84.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-01_4b329bbe869beabfb592f3a8c8dd3390_mafia.exe 829837A3B5619B05F4D7094FAA164D3256F186EF38609B373714A4662C299AF61FD9A2626F82D0C27C68154ED15B00DC4969DBB7BC45DBE5FC3F463FBD523DAE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5a10e5998f115215a3afdfed9bbd390d9
SHA1bbfd7b4d6cd1bbe876b8fa51b4fe48b7efd7ff23
SHA256eeda7a9ed672a5f3ab755742b4ec6d0049216809fd80dea4a7e99ab6b99748bd
SHA512d9df29a4cd103f2529bf1e8da43dcf4667f2eed110250dd31930143bc6f0d93fb5944c3dedb97d89060c1f930be97bb7bf26128d48c0edb8c5b2a7db5675e297