Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
27/01/2024, 11:36
General
-
Target
2024-01-27_91dfef00bfe1f98089113fd026961d59_mafia.exe
-
Size
486KB
-
MD5
91dfef00bfe1f98089113fd026961d59
-
SHA1
7757d96612ba9a3693817ac01f3ebb3b7f94b0ad
-
SHA256
dcdf885e67dbe0f87be2384c3dd302ceb5f125878d09d77075d30a38b6886a23
-
SHA512
ae5c405d43a3f4cd1f4b5c5df47a7d53247f5eda5d400952eba8b2c9d447436a4a9ad267562f4636246f72a65dd69b2e6d905d33c425177b82e6f92a4da41c82
-
SSDEEP
12288:3O4rfItL8HPMIPSp1X/K+cGM4i0rGGG27rKxUYXhW:3O4rQtGPMKSp1XC+cGM4+GG23KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_91dfef00bfe1f98089113fd026961d59_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_91dfef00bfe1f98089113fd026961d59_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\513C.tmp"C:\Users\Admin\AppData\Local\Temp\513C.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-27_91dfef00bfe1f98089113fd026961d59_mafia.exe BD384E2D8B7998C153326A71B07FA570880BE4EF8784C3AAFE7C044032DF826F9FFB7C9E449FD265283194AAF7D053D349570431C407B28DD699C94EB843123E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD553031bda1f10f29f3bc6186268342cad
SHA109a31a4b0aefe63397acb855726713f1b12e28e0
SHA256c77e771567f9a96410e0fe55c1b9b6e0edb7468a7e3bb8baab70f83f929ca862
SHA51206ecdc2df4772ec0f3b03bebd4be33b22c5b0facb7ba0525aed19bb109fc6461534e3d82ec03d827b4be9c7a2e233820ae8b32503f9e7eb001b1bbb57c016ee0