Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
158s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07/01/2024, 12:17
General
-
Target
2024-01-06_dd7caab332b98aeebc83176ed3901456_mafia.exe
-
Size
476KB
-
MD5
dd7caab332b98aeebc83176ed3901456
-
SHA1
07a0dcab52d0a2940da590de50a99412be4eae45
-
SHA256
c6578b6876945cce4f7a7120d4b1f4f53aa4c6192e03cf1fd8242a1ca62f3742
-
SHA512
a334d6dcbfe0877a245a196189be84a92e55798085a230ecde319bffae6e24f7466cca849e491de2bcf7ca580cd4bba382fab438f4bcdcdae6b9ae3d941efbef
-
SSDEEP
12288:aO4rfItL8HR27lDZATvxv4vq1Li9jRN7K9wlsDpVFd:aO4rQtGRIavx8WCRN+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_dd7caab332b98aeebc83176ed3901456_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_dd7caab332b98aeebc83176ed3901456_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C66.tmp"C:\Users\Admin\AppData\Local\Temp\4C66.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_dd7caab332b98aeebc83176ed3901456_mafia.exe 8427A0D12AA9FBE5DA857855684CFA4CC3FA4F0B5D3BF72A0F2698686ADB774B5E768F4223F84075464E7FB910BC61CCE115600095A5DE9827D874DD832A41322⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD585c7f6f7b74ad6c80e823ed93013185d
SHA16342468f0e1b7bee149bfad31676f63a8273ff7d
SHA256a4b73d868abbe74560cc2810c306784408173bf7039e53b83601ebdc19cc3bff
SHA5125a09f70c6b335a727ce435dbaf626cc7b7b55cec5c42e15f6b52b9a4e135858e712690d5337f868fee120a3b7a9210e265804729831ee0a5b3e30a51c5e10b2d