Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
89s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
24/01/2024, 12:25
General
-
Target
2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe
-
Size
384KB
-
MD5
3bc480087dcd64e8bfab7cc8cd05beaf
-
SHA1
8ee89cd1b3d35d62e1eacb49c7c7f4536e64c57d
-
SHA256
0b1b5ccd3274ed0058b5f133a576c62dad353d2da9dc8fa6420148421a8b1c76
-
SHA512
06d8efc359f22a1c53d02f793beaa2d7601651bfd3d8be2fde80ea28ade65b57e321c260a17ae64db9b44ea3ef87dce7701f021c63174251bc699ee7e5fe5def
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hH8jGAvvjZf6a+frii0OS1V4APcVBAPO8TZ:Zm48gODxbz2jl6a9iRS1V4AP4APOmZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3894.tmp"C:\Users\Admin\AppData\Local\Temp\3894.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-24_3bc480087dcd64e8bfab7cc8cd05beaf_mafia.exe CEDC156E740D574CD09004755D5167BEEEEF08B27A668BE0AF2416AE83E36FC801C15EF0A35A6F16E55DCCBC0EFECD0365B35BE7E1ED8F476FD0AF82AD0533332⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5020c620609479bd923399b50183e9b99
SHA16d29e972691ad6e1a8a915858a0e187ee941f745
SHA256b341ab70bc791220d1e1856d14824b1b3f3793b2c0d37db3f0330283271b9f13
SHA512d47e61ebcc0ba29f1c9551e27c8dfe91c7b8966a349ed4e41c347ca347706a5fe331016e566111bfab360d826e149d3a54dad83f0b696b8347a7c8bcf2025098