Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:13
General
-
Target
2024-01-06_9465b851776e827c918462635e935a87_mafia.exe
-
Size
411KB
-
MD5
9465b851776e827c918462635e935a87
-
SHA1
5b1a89e26945f84f8b2a5384bf4a1f34a7ed7b67
-
SHA256
18563b12367aba8b0c196f3dfd957ce5e35806ec811c63bdc4b011fe7a8d72b0
-
SHA512
8bb5751f08af96e9284d88f4a07043b940c1216b0e1ec4a70b70c4950c11cffa5fd10eb925e16cce5b58df9ca0232583237a81c1778bdda75c0ee22077358f39
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFDhzzRwC4eo0ICa9JzCJAveBPqH:gZLolhNVyEKfRwC4mkztveqH
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_9465b851776e827c918462635e935a87_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_9465b851776e827c918462635e935a87_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\213.tmp"C:\Users\Admin\AppData\Local\Temp\213.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-06_9465b851776e827c918462635e935a87_mafia.exe 192EDF34D3F455643C8D6D0ED0A95E97A019E6C32D551DEC1536D55D6587F843D64FF370C8782A7599847D8B409EE71E4C2C9CFBAE4C75F3A01E609C29ED67DB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD52a110e167690c0dd798d515f06d61895
SHA1acafa061bbdf35ed9c4bfa03f2f79510b35b39cf
SHA256d82387fa982afc7285054f9e94c165eb95f64e123365baae937e14ed361c87ee
SHA512e2f9c55d1b94ae614105fa9ec827ab8f4d1067e365b4567f8775964dc16c4880ce6bdb2cfa62b6acecda6c79971708939020e142c61b30fa35823cdc6a95002f