Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/01/2024, 16:27
General
-
Target
2024-01-26_86ad2de3b19e9c6ab336e031ec7113a7_mafia.exe
-
Size
433KB
-
MD5
86ad2de3b19e9c6ab336e031ec7113a7
-
SHA1
86fa3450f6fa311da805d0552352e6814c90b7c8
-
SHA256
ce5e065ca2b2697e6b78b9a0ba3964496d8e5372036668c447d9d46511bf54a2
-
SHA512
1b29d72e563f9f5c0f03defc49d4a3b5268b6e060c9bd4d85bc56d1218e9393b2ef515aa6297e53dacb7622a9d23ccbfc09f5b418e222fbaaa1c40156f55939d
-
SSDEEP
12288:Ci4g+yU+0pAiv+fSqP1PdVnUrEDj5w2y4kPn:Ci4gXn0pD+3jUrsazv
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_86ad2de3b19e9c6ab336e031ec7113a7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_86ad2de3b19e9c6ab336e031ec7113a7_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A7D9.tmp"C:\Users\Admin\AppData\Local\Temp\A7D9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_86ad2de3b19e9c6ab336e031ec7113a7_mafia.exe 3BFB97C171CD1AE6A5AB1DA9F18654C5080A37176A97A432BCC328FF706CB5946770B60F04ED198AF1738A0CD6843483392806C9F9310F685DA9CFE95582BFCE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5e1c8c06493e1f1885cba25ba8ce09d94
SHA133af62dce08b04e8b8215642d575cd09ac9368ee
SHA256427bcff5d6aedeb37b4c7485d680a51d5fe1d421deccd4358ec2afc306513262
SHA512585cbf7a6c9eadf2c3707e5d4cbac5184a57912d99b00468c8f3801f4a31067f95e344786f3be672aa9483dae4af0e0e0627ccb873bbf912a28a8ab66ce6fea4