Analysis
  Max time kernel:  117s
  Max time network: 120s
  Platform:         windows7_x64
  Resource:         win7-20231215-en
  Resource tags:    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  Submitted:        11/01/2024, 05:48
Static task
  static1

Behavioral task
  behavioral1
    Sample:   2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe
    Resource: win7-20231215-en

Behavioral task
  behavioral2
    Sample:   2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe
    Resource: win10v2004-20231215-en
General
  Target: 2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe
  Size:   468KB
  MD5:    3512192e50317945d1dc6fcdba81dc0c
  SHA1:   c8afe89a697ee058c9925909b61a92cb5ff4ead8
  SHA256: b9fd85f29936bd81f13dc98b612476eab292e4c759cd30f1719e558eec82b602
  SHA512: 508f20a7d285302951417d936720bda557859d2b7e582ba554f7a4c20703306a392789c2949bed19400fdbe94bd9df713358dc9f4c08eb7a70ed411bdb20f780
  SSDEEP: 12288:qO4rfItL8HGtYO8oLd2NyZ4x0luB17bWmeEVGL:qO4rQtGGmO8EdiNkwumeEVGL
Malware Config
Signatures
  Deletes itself (1 IoC)
    pid   Process
    2412  1A73.tmp

  Executes dropped EXE (1 IoC)
    pid   Process
    2412  1A73.tmp

  Loads dropped DLL (1 IoC)
    pid   Process
    2348  2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe

  Suspicious use of WriteProcessMemory (4 IoCs)
    description                       pid   Process                                                 procid_target
    PID 2348 wrote to memory of 2412  2348  2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe  14
    PID 2348 wrote to memory of 2412  2348  2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe  14
    PID 2348 wrote to memory of 2412  2348  2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe  14
    PID 2348 wrote to memory of 2412  2348  2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe  14
Processes
  C:\Users\Admin\AppData\Local\Temp\1A73.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\1A73.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe 7A7C2C5207C00A62E4E38BCED84185D690C3C671D082A99B34AF0F416D8AFE6B7C7D6816135F6DCF44C5ACD0D3399A4E3BC87E727A2FBFC2BDC116CFB38564C2
    PID: 2412
    - Deletes itself
    - Executes dropped EXE

  C:\Users\Admin\AppData\Local\Temp\2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe"
    PID: 2348
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 261KB
  MD5:      0ffe0b79bd49adef50a86d4cf2657bfb
  SHA1:     9512b8c6e749cfba8b0ce82397f5276ed6ad192a
  SHA256:   b289e6c4666f54edccdbe46cd5c3ffa11e1d6182625298d8ef07d5ba247b2939
  SHA512:   a9d84629a0947918bdf16fe3e9f680591ffd8578decb1b0bfd348d9c75ca99ac86618e3e74d2cc3c7d79fce49eb3db87a3600a19f891c3e380ce8bd315fbc6b3

  Filesize: 409KB
  MD5:      b9758bfb46444f7a70a98a95c89c995c
  SHA1:     26ccd7c618055551251059d55cc05c4eca7d6cfc
  SHA256:   e416995ac9aba8d8ba5389d7c6a7d60a19f6e55c916c9460ea5fa7b7da547d86
  SHA512:   96a822b026fdc81f5728e70704cdd3e3060dcce2d31b328988a6fdb946c05c0a0b2c5ba0b81493e64b533e7c266db02e44eb7a6054be27bb2a548b33658f8e50