Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25/01/2024, 10:27
General
-
Target
2024-01-25_999f0053105c57319a8cdb20e3040514_mafia.exe
-
Size
443KB
-
MD5
999f0053105c57319a8cdb20e3040514
-
SHA1
10ce81f71df17180e4a348aa1f50874ca6951382
-
SHA256
512267f2773b14e46e3d27b3d8c94e297fc3809c2fce8e184188a91767dcd399
-
SHA512
72ea4532b121b4a60358c11e52d75d12608ef10f262c502d3e01593557f93030e45c62697d6c68b4cdc8879081d724158b21c9eb8f59b9730f036988b7f54460
-
SSDEEP
12288:Wq4w/ekieZgU6SnqnIVzT0EwgGsZec1bXlMa:Wq4w/ekieH6VnIVzT0EweeILP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_999f0053105c57319a8cdb20e3040514_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_999f0053105c57319a8cdb20e3040514_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4F0.tmp"C:\Users\Admin\AppData\Local\Temp\4F0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_999f0053105c57319a8cdb20e3040514_mafia.exe 1BB4FA8570CCDAC8B219D4F32B3C8B4650EF76F1C40844A6BFA54C84E77F2249530B1AB991DCF30103DAE409003C0E8E4DF5738CE3FA2E569F95CF7255B564472⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD592d37c4526215fa21d35fff6a2c846aa
SHA153869ae4cd549813c073f00b66157d75c920652a
SHA256aebbb298036903f88d7f52f861b21b23d9c16b00f650236b513185cd50acaa5b
SHA512f2c648dae06e20cbb7d86fa5cef679f8e335e63650abb0a4e6b72d5e7cb5b9f7f4d9ccc49e5dbd0563096c9f853bc94f578c995696edc2143c4e820917991fe8