Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
164s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07/01/2024, 12:08
General
-
Target
2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe
-
Size
486KB
-
MD5
46cb2db62c21e728126ee7691558e198
-
SHA1
ee7ea0be1eabfb3de0f0ee456848f04d180110e3
-
SHA256
0ac6f6015401011a4d8e89ae9a3c7615520bbe103d6c96888a39f78153880bdf
-
SHA512
9706b2ab58ea5f54d4c4b5c83ef48650a4d95b42596a18e15846364a12b166ef4eab79785a5e5c412db79342de1d3b30f167c0e3db28e66d4e76cc5b7b02d056
-
SSDEEP
12288:3O4rfItL8HPAb2xPXL0hIUhDMxodWTX7rKxUYXhW:3O4rQtGPzlXs99WTX3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\C8FD.tmp"C:\Users\Admin\AppData\Local\Temp\C8FD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_46cb2db62c21e728126ee7691558e198_mafia.exe DC1BA8E688B906C0918E5FF3325D028C09C88CCCFBEAFC3BE6686BA6762A59320314AF192A68185E4D684B35E802591127C8037D2A6CB1A08457E5570B6C358F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD56e30df69879468fb7c97d21ae90b9315
SHA1ed3beac2f61d5637c34f31a66748b786132808f4
SHA25679356b0a9f925b7efaf957b4c32d19ec8589fa6ebe13e4a947d53c0be522c9de
SHA512f0c29a1ffd461733efab053ec5b197a9f5cf7ae5f4d56d9f88dfc864a24366ea75427534c8f00c9e23bade95044419c7176a062f52d410eb08871d15b4eeec35