Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25/01/2024, 21:27
General
-
Target
2024-01-25_e079a3ee5d3c6184ebbd5b55d7f9dd65_mafia.exe
-
Size
444KB
-
MD5
e079a3ee5d3c6184ebbd5b55d7f9dd65
-
SHA1
79201762b1e506c525ef577e93108a70912ca463
-
SHA256
7780ab7dee1b4274a54e193eb6850c58c88743420622a5e7aebcb3bb1301177b
-
SHA512
033d9bceec2f9a947715bc2866ddc9718d02fc6dcd10c5b1429d303029420e0c706676370ab4ddcc2cabf77770911c9198bfe1525232363b532a8cc2d3e77b6b
-
SSDEEP
12288:Nb4bZudi79LFxu/fmKrfGQzv9+rCk7zJA:Nb4bcdkLF43PzGK1sL/
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_e079a3ee5d3c6184ebbd5b55d7f9dd65_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_e079a3ee5d3c6184ebbd5b55d7f9dd65_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\513D.tmp"C:\Users\Admin\AppData\Local\Temp\513D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_e079a3ee5d3c6184ebbd5b55d7f9dd65_mafia.exe BB05D6CBDDADBA81D326DEE0D7F15C317FE6C5B0442E803F06C840941CD5C2D51FFC9FBBA18D4F758EC446443B2EA51351ACAD880B76FC93278C93EFF8C9E8AE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5701e8449035d70ecf80c34e582c8b010
SHA1c4927d5b604932d7a76e0ccc22b661a93457b092
SHA25605789208bf92a8e0a5abcea19cb09afbee0bdf6f5716c381f89a9c64c4664278
SHA512c5a486dad6bb61bcda07095b37791e564bb6fe1b2624d238be9c8365728cd4cc24052bbc571d5092e3ed76696c37e8092383272f6250305a93868183a6d960bf