Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:15
General
-
Target
2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe
-
Size
428KB
-
MD5
bff0910d533da4f117afc92303921e2b
-
SHA1
0b370adbe4d94f604d2e6bc445d3ea701a2e628b
-
SHA256
0551f2ef4d739f2c2f2f2777f8f386e73e746efea4c73ee5bad61d52ef566063
-
SHA512
a59b2167b5c3815ae26496136b5f5cfafc17f616f5cb098363bc459392178bba65fa0126bc22a16677d1dec8b65f4802229271324c1b152e6910977a2bebdfb1
-
SSDEEP
12288:gZLolhNVyERcpWnTZ1FFUoOMsK/MKuwX4/qHR:gZqhOERcpOT9CLGuM4i
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\12B6.tmp"C:\Users\Admin\AppData\Local\Temp\12B6.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe 48E373E8E3B330D5D5253980926BC8A339FFBCB2D91A133F616BED00D776BE3C83189DF4494C4DE59234E65DE9300787F32630205540B79D761F1997EBF8C4982⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5de0e27ace863d3c394396e58caf4bab3
SHA1d9bd23f06d995f6181be82bf4f9e2230d04613fc
SHA256792128ed6c311adbdac38df654c5ee1135d28203cc96706d6af63826993104fd
SHA5120ffad63e4b291c85c7380f123ce8ac19a84cad4512bd1d4cc638e6b4d3d9095a817a085a05f41a00f695b72807d4b75e25ebf4cf1fa725406b5aaaefc317834b