Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
24/01/2024, 12:25
General
-
Target
2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe
-
Size
384KB
-
MD5
3bc480087dcd64e8bfab7cc8cd05beaf
-
SHA1
8ee89cd1b3d35d62e1eacb49c7c7f4536e64c57d
-
SHA256
0b1b5ccd3274ed0058b5f133a576c62dad353d2da9dc8fa6420148421a8b1c76
-
SHA512
06d8efc359f22a1c53d02f793beaa2d7601651bfd3d8be2fde80ea28ade65b57e321c260a17ae64db9b44ea3ef87dce7701f021c63174251bc699ee7e5fe5def
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hH8jGAvvjZf6a+frii0OS1V4APcVBAPO8TZ:Zm48gODxbz2jl6a9iRS1V4AP4APOmZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\192C.tmp"C:\Users\Admin\AppData\Local\Temp\192C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe D82CDCBDF661C00FF8109E20ADFF7DF1A4069E8BB8DD6F412EF801ED74676D011749F00B64C664A0D60AEC681BAB38E292D6F15E42B1DB3A12683B9100D78B4D2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD512ef500944451a62a2eae4400cebbf88
SHA13c7582b6baf1c7c8d12b5369661b4f816104c9c8
SHA25659c032b00a9d754035adcaa1f4c05ad07f75d7bbc42cc6d01925e3624d184f0c
SHA5123d92031ebd4c5845cd454239b8eb4199a92acd39bd43770fdcbe344d3baebb832371eaceecd9989a624e65b5172cf6aebf362a067ab1ef6fa723cbb34392eaa5