Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
23/01/2024, 16:46
General
-
Target
2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe
-
Size
486KB
-
MD5
1ab5b951b6caf96586669d63ce1e110a
-
SHA1
e377533a1494c04a5985b7a66515cf8333e0f72c
-
SHA256
8aa1094c5444c0a2f5c4aef417ae4e6bb4b015832f294ebbb1f1a46ae202689a
-
SHA512
ad499c898d57fb921b4c2cee9044bf658c6ab915e6137ae320384ffd184ebe18310c32803f0bc31b328fcafa02be7a2b98d1be36806e70e01052093ffb0a4ba1
-
SSDEEP
12288:3O4rfItL8HP+GIyXMPtZrXjgBA7pMZV0BHKk7rKxUYXhW:3O4rQtGP+WXMTrTTm09Kk3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A026.tmp"C:\Users\Admin\AppData\Local\Temp\A026.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe 6FE680823787144C1534F68618E411344FBB7BB532251502B9313355CED9ABFA5FB344321B5D3FC576A922DBF2F2780C0626EC78CCC3B44B4B40E9BA5FD09FC82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD51673d05578a6b8920a056ecdd8069f1f
SHA12c109845475706396a13b49c9c402bab3a22c1e8
SHA2562bd09fdf415851eb2edb6932d8c5ef9c0ca068d36c635382dfd349a9efbf1abc
SHA5124f5815834a25dcd1b45483a7e7c616e7f9526d43aca28960fded374f163c6d03e42a4a92d8e1bf00662393daa858e60d2e6ccacb0536385e6911f6a2549b0484