Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/01/2024, 04:31
General
-
Target
2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe
-
Size
473KB
-
MD5
4555063bc714ef81a8b1286e4f5ef53c
-
SHA1
d537a11ffdc741e767debfa70584b58293e343c3
-
SHA256
4ad8e3c13d7e3858eaa7c3e15d0ccf58c15aa8d8feacd0d18da1e56044facc28
-
SHA512
b620662e0f7a2a698b7bc9c016cf20f4e183264ca49be53d29fff43882359238624419ad894dd4b4792572750daabb426cf5737732e22b437cdbf05656afb817
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStBUwq/a1Lob4cc8zh23RUGAMsnQKN5fOoqiu:Nb4bZudi79LCwa1c1Pk26sN8L5QA0a
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6419.tmp"C:\Users\Admin\AppData\Local\Temp\6419.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_4555063bc714ef81a8b1286e4f5ef53c_mafia.exe 7104C68DBF8EC300278E66D4E3CEEECFD5910AC75ED37923C643FE5E20E0E2BF241FC7A26E5853F3311AC6F44E10B6425B2E95EF9AA24BD10FCFD3D153A635C42⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD50c5308db9142f04b0a387f03ddead65c
SHA17ae63415bfb995c76fb72fc228cc53675bccb76a
SHA25630e2149cc981897c010f98bf6aa6a5807fa3901b25be7389f2238670dcb67d96
SHA51225def4e7689808f54ad654465d65d5ae4706ae2e78d6dbfe67e3a31b8ad282bea3964b6f43a1969ec3f65e86615dfd98c5ac51d3071997c11da874c6e3ad0f76