Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
23/01/2024, 21:23
General
-
Target
2024-01-23_39f5c6da253d697dde3473cf645b475c_mafia.exe
-
Size
468KB
-
MD5
39f5c6da253d697dde3473cf645b475c
-
SHA1
2d9d9ea07cf08053e026ea1d6507bd883e483ad7
-
SHA256
a3a124b2c2bed8511f6e6fb57f4614c87ab0d841fcac543300df49097c7a21f3
-
SHA512
6b54eb901b1435d271b017eb580ac1392d3f8e0990c89833f6df3fc8e6960cd4cd1daa25c576f1c1c29b68f93fceaf329b017df9418632cb4a1052c00e448320
-
SSDEEP
12288:qO4rfItL8HGT3iVEkuM8CGR+EWdmEI2KNLX/7bWmeEVGL:qO4rQtGGT3iVEkN8CpKNLPumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-23_39f5c6da253d697dde3473cf645b475c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-23_39f5c6da253d697dde3473cf645b475c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C4B.tmp"C:\Users\Admin\AppData\Local\Temp\4C4B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-23_39f5c6da253d697dde3473cf645b475c_mafia.exe 18560735804C26A5AA734A8BB2100620A6041275B2B63D9906554C92DA3CAB2428C4A3CAE515B4CBD78024E4664D8A81BF30E682A75A97938ACF71DDC58551502⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD530dbe7840a8cbcee15ee9f32f10886ee
SHA1d2574812746c3b3170049099508e7bd530eb92b3
SHA2563b3af23f43fcb4e93a19ce053e2b87c6de3d4711941a90ed60b8f7d6c935aeda
SHA512a32815f369abe9b14c8b3115cd0ee630d3dfac88378d67852d2cbf57bcb75dcc23fbf955070f3216169232c5b8ec63604f08baf5bb506429050b004b52c7b3ed