Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 18/01/2024, 23:33
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe
Size: 384KB
MD5: f30cd819000d034744ccb29421408d65
SHA1: 9445d2580ea0c3afb70be7cbf923902cf0ae904a
SHA256: fff071bb9553f9fa5081c3ddb3d10caf1664dcedbdf276d9f645f8ba942ccda4
SHA512: 28a1e92319be9b29d2b430a6a28d7ae7699bc8917ba5e08ba4dabaa266213a3cc9810fad2fbc21cf2e60b6d78ff3ffefd4ee2df68de11424f201e108484b53a4
SSDEEP: 6144:drxfv4co9ZL3GBGgjODxbf7hH1cuFsO5zuNHxVnBnUrXX0cUUhZ:Zm48gODxbzbcuFn5zuDk0p6Z
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2336  8353.tmp

Executes dropped EXE (1 IoCs)
  pid   Process
  2336  8353.tmp

Loads dropped DLL (1 IoCs)
  pid   Process
  2836  2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                    pid   Process                                                   procid_target
  PID 2836 wrote to memory of 2336  2836  2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe  28
  PID 2836 wrote to memory of 2336  2836  2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe  28
  PID 2836 wrote to memory of 2336  2836  2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe  28
  PID 2836 wrote to memory of 2336  2836  2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe"
  PID: 2836
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\8353.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\8353.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2024-01-18_f30cd819000d034744ccb29421408d65_mafia.exe A54E3992EB19F26B733700375CAC617742C0749A12EF1FDE968EE11A209D931526EA950EF6FBE2D120A45ED6631372F84AA3E1D8F8AF728383431DCD166B669A
    PID: 2336
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 384KB
MD5: 86ae6fb96ccfc4b88f9244bdb0812cf9
SHA1: af7ed67e1dd0e116c75e01d8549efca545e8c018
SHA256: 53337590fe82141d3044699e3947c984d2f19d82f125d6d55d1fd298b43e233d
SHA512: cefdbf8607344efc3086e7f999bb61ae8aa291fa9cc123e83f6940f410ca04263aaf754b4adcec23cd73f0a3a3e2d4df679d3e0dd54ef80f986b82a402114c34