Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/01/2024, 11:23
General
-
Target
2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe
-
Size
444KB
-
MD5
0d92220cb91fed1782390af2c6c7c66d
-
SHA1
e2bacd482d1ba571544b90ca85bdf74f9fe7ed88
-
SHA256
d882ff1c96e58d8459d5776c1d917bcca1e41970f8440d2ca0de7d80fc788b07
-
SHA512
ff7f48bb541a73455d7104463768ceaf1db0f1088625685517fd9951146b48027524cb4e58687a9d3700964e2038e089640c42b1668fde3105cd8d32c22aacaf
-
SSDEEP
12288:Nb4bZudi79LbmvPgSZXBmOlVCOguyOPrlQA:Nb4bcdkLbkPgSZXB1l0OgOl
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ABA.tmp"C:\Users\Admin\AppData\Local\Temp\ABA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe 8BABE2C62C7499E4EA6811373BB5BB701A3FD5D96D28661ABF5158B1E31902FEEBDE518126B51FFD48588A3D5BC0E6723908285424CCDE975BA32AA5AFFBCA962⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD55f2086646f19e87d558efad32b3e6ab5
SHA122af4a6fe94f8641dfe70a9d5883b61ba51824f8
SHA2566dfb5fc670ddf7432112668f9b367028022848e1e8fcee7b7fdbd572e87791ba
SHA5123b3b08aeb9689070223e12fbe6a95e55abb714f4c3520373f280d0f94ae5b7c73b582cf9d74f65a518256430c0b1b645cdc722da14ee8828f7dddf1096692b39