Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
12/01/2024, 05:59
General
-
Target
2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe
-
Size
428KB
-
MD5
5fde8cc0b807fe4a033790f8ff2422c3
-
SHA1
3b8f10852f906a9d62a12ba823bea2d88a35fc71
-
SHA256
c1fdb835c72e1bea36764a45884db108b9a7aa26ed3f0680eb321dbf150f811f
-
SHA512
867a06614149496fa698559e04240f33264c899358d9da6049805696d2a8d6a44ee239441414da9fbf0390de3ddf2a98c24f0f7ee8bfa95817b64c36d9a7bafb
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFbv0Oy3WyfzZuoOqUbnP2K++MADv6q5HqHR:gZLolhNVyE+v0VJzEoOqOH++M/kHqHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2BBE.tmp"C:\Users\Admin\AppData\Local\Temp\2BBE.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe 0C0B2BB1DA588E47BE29DDA5A63C86DC97D16EB0F14639EB774CDDD0B896F98D626A6126B3B8BB57F29A7D96FF97DB86BAF7D6550AA5CCE6CC7159E8FF7338202⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD59482b552b5a5f706f3b4bfc249141a66
SHA19620e5f0b7c67931613c69dddb9f7a60bf304d28
SHA2560211252db902aa9c80a230a945527c8bd71d8d2c05f59dea50d0b4cc4601da34
SHA5123b057d300c0978a5c9fb682896c60ae1751b3681e95171f52b8984414ffe030f19c83f4560054d710cb446fd700574fb02123641a1b8c698a20356e844d2c4bf