Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07/01/2024, 12:15
General
-
Target
2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe
-
Size
428KB
-
MD5
bff0910d533da4f117afc92303921e2b
-
SHA1
0b370adbe4d94f604d2e6bc445d3ea701a2e628b
-
SHA256
0551f2ef4d739f2c2f2f2777f8f386e73e746efea4c73ee5bad61d52ef566063
-
SHA512
a59b2167b5c3815ae26496136b5f5cfafc17f616f5cb098363bc459392178bba65fa0126bc22a16677d1dec8b65f4802229271324c1b152e6910977a2bebdfb1
-
SSDEEP
12288:gZLolhNVyERcpWnTZ1FFUoOMsK/MKuwX4/qHR:gZqhOERcpOT9CLGuM4i
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\48A2.tmp"C:\Users\Admin\AppData\Local\Temp\48A2.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-06_bff0910d533da4f117afc92303921e2b_mafia.exe D503BD29B3029E03CC39046C13D8053A5A7506CB2CFDEE41705A51920BC1A73ED1212004B30317C564480B278601E0E7B0D2A3AE7EC3D97A645A0BC46BE6111D2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5c1322a9234abdabca1265352be8ce835
SHA1cd39c2793418b3963837517103618889af85e1c6
SHA256ed2710153148835f07a26f89b80db8709861d0923467371874c38c1aa7aaf3fd
SHA51283c8c5d0ed18703835feb4c939c52bf03b7c86e394a89b16e9b0ce7708e2194b1a5ae895e9a0237d15749c5c2b9df24927567ac842b8547f536246f711704ed0