Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/01/2024, 22:27
General
-
Target
2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe
-
Size
486KB
-
MD5
13f8add5b68c9c4ca4b554245594a8af
-
SHA1
579101af96c13d033de2e60c7c3ad96d4bf1c221
-
SHA256
66240ee43f385075fbaebe4a3040b59209754c5c88d47a4e14aed26fb4dadf10
-
SHA512
79ea7ddce9c56893d182c3d1df061f8a26c680da565ba2ec2c31d7a54c38b92170eb87ded1d5a837a0ad26abc5bd23d32ec4523d0b45408be9cadb5432d061bc
-
SSDEEP
12288:3O4rfItL8HPPWPb1ryqd8izVta2AymwE7rKxUYXhW:3O4rQtGPPuHd3V82AyM3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4333.tmp"C:\Users\Admin\AppData\Local\Temp\4333.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe 923DB5BC7ADA553736B12F48239352F49B31AD91EF87BF22A77BF748398C85B16AE35C0352A56E09D999CC1964E3B7DBCDB4D79251F0F2E08B8C52E7BAEA6E762⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD517bac8a163da6ed54c95588c86ce27d6
SHA16f313bf64f13d7837bbd3f696a747905ce2512e8
SHA256bfae17eaf2aa28e4711dbf6b8fd23bd4c111dddae0a8c7b2d256e2086aaa9cd7
SHA5125ca781bda8128099140cce86689366921df89de7f5c4afa9591a42893621ec9304343f824430e90e4377bed1e6e2ea4d404d91f3800490923ee6341ddae64c17