Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/01/2024, 11:23
General
-
Target
2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe
-
Size
444KB
-
MD5
0d92220cb91fed1782390af2c6c7c66d
-
SHA1
e2bacd482d1ba571544b90ca85bdf74f9fe7ed88
-
SHA256
d882ff1c96e58d8459d5776c1d917bcca1e41970f8440d2ca0de7d80fc788b07
-
SHA512
ff7f48bb541a73455d7104463768ceaf1db0f1088625685517fd9951146b48027524cb4e58687a9d3700964e2038e089640c42b1668fde3105cd8d32c22aacaf
-
SSDEEP
12288:Nb4bZudi79LbmvPgSZXBmOlVCOguyOPrlQA:Nb4bcdkLbkPgSZXB1l0OgOl
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3DD4.tmp"C:\Users\Admin\AppData\Local\Temp\3DD4.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_0d92220cb91fed1782390af2c6c7c66d_mafia.exe 82D6F1C2D96C894993871E1A184F91C8FA878F9D9B99A14259D50007CBA54FB21C5EBB8DE5A7A50B0DFE31ACA88D8660FA009463D4D3B38ADDC5AF6D3C5052442⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5ac91edd2cb40cb881c14a307dcb84f80
SHA101941767aeb01c91fed25698acd9d6b45e91190b
SHA256d20bb44751427d452248ffe315c29e80d92e9aa0260f8086e9a8b0e95c3e9cbd
SHA5121b429aa41281d3b9346bc55d7947433af090b4c77bc791223ab3457d5a962ca3654f931bbb6b28729e8873b54cbb2d055391964633b3686caa685b2953b75229