Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
128s -
max time network
197s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/01/2024, 23:34
General
-
Target
2024-01-18_f4ac2d18f2fcc6146753b889d13e2fe4_mafia.exe
-
Size
412KB
-
MD5
f4ac2d18f2fcc6146753b889d13e2fe4
-
SHA1
093fd102e17c2d4511ddb5787b820aa4b610d544
-
SHA256
caf1462e2fc4873cfccc453d786303d52c9f0b7f3b88c5eb9653ce1c4025f5e3
-
SHA512
813cc8a10bd600ccdc841739263937b98f04a4587fab77664b1d7a5bc19a9a89115938ad4fd5971ed811075c9c888e580e44725e99290cfd880bb371a7bcb0bb
-
SSDEEP
12288:U6PCrIc9kph5BSY5anq5wNjtLvLtOkQOU:U6QIcOh5wYx5wtZokQO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_f4ac2d18f2fcc6146753b889d13e2fe4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_f4ac2d18f2fcc6146753b889d13e2fe4_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F538.tmp"C:\Users\Admin\AppData\Local\Temp\F538.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-18_f4ac2d18f2fcc6146753b889d13e2fe4_mafia.exe C7A1BC50981BE09EFDAAB4B0FF3E822DBFE0A38C7EB1061A481500101E8E6D4EE230E8697318FF38625521081E58F18EB1B82D505482B2E530B894ECD90931362⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD52b84b1f608055c1691d036a890884949
SHA168afe4e733270bda1781b5bac92c2feb1a3f471a
SHA2564e73fa084348b8a0319f32029482adb70e8501e8ab729fb2b9f0dd30f73c3486
SHA51235555f7807d82d209125c0290d743273e149b0ed12dee4a09ab91340009c2ec1fb0b421667d9f0ee90df4206341415e5cf0093e10743e0be675b89b8beab50eb