Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
09/01/2024, 06:39
General
-
Target
2024-01-08_46f0f7944e661474aa2356fbfd910960_mafia.exe
-
Size
433KB
-
MD5
46f0f7944e661474aa2356fbfd910960
-
SHA1
5984fceb53e1ffd6258440dd84966e8d5ec01305
-
SHA256
89d725e980a9f150ef951bfc57313507de105408bc038ea6e20d6c82f36bc890
-
SHA512
cc26873cda282a8c1b3f7a91f87a1234c66b7703a7978999b5dd24e99df66703638f42f2c0e3af69556c05cfbf3502f40bef943f3734e4cf24081ebe4d46233d
-
SSDEEP
12288:Ci4g+yU+0pAiv+3XTduExdHwn1yllPuCQhKJn:Ci4gXn0pD+HXxC1ylxR
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-08_46f0f7944e661474aa2356fbfd910960_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-08_46f0f7944e661474aa2356fbfd910960_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4192.tmp"C:\Users\Admin\AppData\Local\Temp\4192.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-08_46f0f7944e661474aa2356fbfd910960_mafia.exe AB8A346725B8D1D6687FB3B4B184E9AB8052934F03B64A2E9FBF9A495779B67D708ABD7785B0DC3D9C638C11624F76C4F5DE9B5D6B3D4B0A3D80E8BE1A04E53E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5af2ffb2a1f792ed781f97b9059059524
SHA18f22b885dd64721ec75aad21319e96e45d5f921a
SHA25663a0025d728627f94892d2d0fb993d6008763e4bcc9efdcf8b62ca2648b40ed6
SHA5127e2c5327bc8d21b7d70aea82c1f2b398a939b5cc4d4d2cf730bcc74fc1ba353e51898f34733b742cc70609854d7bf0dd34b49d02cbc040d8f0ece371cc1f9859