Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25/01/2024, 20:31
General
-
Target
2024-01-25_cb689169c1471a66ee846081d45058ff_mafia.exe
-
Size
443KB
-
MD5
cb689169c1471a66ee846081d45058ff
-
SHA1
3212a769604f480469816123e0cf04f056c7fd08
-
SHA256
81d48cc35964fbcce89b205e362ffa7aab88866cbb7fe6c7a46f1a311880a1e1
-
SHA512
8fee6e0dbe3c792ea12263cd51c44a5b96e90935fc0641a23484b1bbe1f7810f24cc8acc939417138d08fa80a436d4f3a58619f72ee3eb9f2fb196f59b9d18e6
-
SSDEEP
12288:Wq4w/ekieZgU61Rgv384AQeKQemzc9Edg2IxlMa:Wq4w/ekieH612Mi/scWdg28P
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_cb689169c1471a66ee846081d45058ff_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_cb689169c1471a66ee846081d45058ff_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\53AE.tmp"C:\Users\Admin\AppData\Local\Temp\53AE.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_cb689169c1471a66ee846081d45058ff_mafia.exe D2CE0BB93E610FC786377AEF0657B1DDA99FEC1B62D156BCAE6FE870FB1E8CE4951531FA68CAC5D00013501D2F017B73C1F69B60AEA17434AE18C2DDF7D0F0682⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD5abfd8bfd6a1e1c99c150bed70a7226cf
SHA132f89f85f2b81f782d13205d455ed3502059ff73
SHA25642d85202ed4de9c1a74b1461057cca7814852da111f58333e34ded9fb6a70689
SHA5121ce06610e38044bf92c66ecb7ac8bea30536bf9d3165ccad533d7fa22e561fce5d967f6c13464053018badb4ff61eb5c54d54e966c7c60688e3751f75cdb8f9a