Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25/01/2024, 04:31
General
-
Target
2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe
-
Size
473KB
-
MD5
4555063bc714ef81a8b1286e4f5ef53c
-
SHA1
d537a11ffdc741e767debfa70584b58293e343c3
-
SHA256
4ad8e3c13d7e3858eaa7c3e15d0ccf58c15aa8d8feacd0d18da1e56044facc28
-
SHA512
b620662e0f7a2a698b7bc9c016cf20f4e183264ca49be53d29fff43882359238624419ad894dd4b4792572750daabb426cf5737732e22b437cdbf05656afb817
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStBUwq/a1Lob4cc8zh23RUGAMsnQKN5fOoqiu:Nb4bZudi79LCwa1c1Pk26sN8L5QA0a
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\85A.tmp"C:\Users\Admin\AppData\Local\Temp\85A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe A748E0DD0ACB8F4F7081DADA3DFBB1770403A69BA7B13D286619F9CAB9106CB036012EE144B88B8D5535EB6C24A50A0427BE1ACD2BDB9F0FBCA687C81494B8282⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD56583d96cfc7c02284ecb18aa584ef620
SHA1faff9974f0dc5c585887ea68dd5be724eb26c666
SHA256e8989eadd159098499ffeee5ac24821f13f7640bca51559c587d1478fb209b2b
SHA512eadf834ae46f1f2f33718be459c3749886392e9088fa38c89ec8ffe91dc44efaf9ec8db4f87568f30fccb5cba599a49a38a93bb5195d5f29f80227de1912c7e5