Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:08
General
-
Target
2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe
-
Size
486KB
-
MD5
46cb2db62c21e728126ee7691558e198
-
SHA1
ee7ea0be1eabfb3de0f0ee456848f04d180110e3
-
SHA256
0ac6f6015401011a4d8e89ae9a3c7615520bbe103d6c96888a39f78153880bdf
-
SHA512
9706b2ab58ea5f54d4c4b5c83ef48650a4d95b42596a18e15846364a12b166ef4eab79785a5e5c412db79342de1d3b30f167c0e3db28e66d4e76cc5b7b02d056
-
SSDEEP
12288:3O4rfItL8HPAb2xPXL0hIUhDMxodWTX7rKxUYXhW:3O4rQtGPzlXs99WTX3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BF2A.tmp"C:\Users\Admin\AppData\Local\Temp\BF2A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe A064BEF58D18F34C7C907BD1CF054D17D5805FE61CC94C7CD0905B8376E0D65B11600EEFBCFB79FE2C929688B7DC63F9CE80378C09BD29AE311D7375CAEE02232⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD569fec9275b8985b37a7e2af58e9e458b
SHA11dadb7ea280c03cad88c2e750af8ec1e511679c2
SHA2566163e7ef99af29d13a4b8e17e0bea0f7c0753a63f12c7c528fd89c8058e145c9
SHA512172d7b3c57db8b3ad49c4fbe444df3e27a3f7628617e1f3e01ba6070fcdc509862972186958dfbba42868df8ed8b9c5ffcd4bc145cbaa17d7388c280db2a3734