Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11/01/2024, 05:48
General
-
Target
2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe
-
Size
468KB
-
MD5
3512192e50317945d1dc6fcdba81dc0c
-
SHA1
c8afe89a697ee058c9925909b61a92cb5ff4ead8
-
SHA256
b9fd85f29936bd81f13dc98b612476eab292e4c759cd30f1719e558eec82b602
-
SHA512
508f20a7d285302951417d936720bda557859d2b7e582ba554f7a4c20703306a392789c2949bed19400fdbe94bd9df713358dc9f4c08eb7a70ed411bdb20f780
-
SSDEEP
12288:qO4rfItL8HGtYO8oLd2NyZ4x0luB17bWmeEVGL:qO4rQtGGmO8EdiNkwumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6B8B.tmp"C:\Users\Admin\AppData\Local\Temp\6B8B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-10_3512192e50317945d1dc6fcdba81dc0c_mafia.exe 68D93750E1710095259129C9BEA6A509B3C8FCBC7E9EDB16E5EEB98EE5C5D86FE44898AFE453EA226CA0319E10C14510CDAF6DAA337CFF59B639E1A0241391552⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD584e1759eb2863cf631d76e3c4549e514
SHA1c6cf236526e1279564cdb058727f0ddb9680594f
SHA25693e670b833886d179fdd8b57c1efd1bb22cf59c29ef05a6e9acf664b73b6a945
SHA512a50abe5b79a3aaff71bd3a82767f3dedb162a328a111a7672ec0235355852f71973846eb70ab8e100a9f435623ab2f8ac42d6394d300563283b39a88e3d7f360