Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
01/02/2024, 09:02
General
-
Target
2024-02-01_5335663d40b580db4f6e99e7fed390cb_mafia.exe
-
Size
468KB
-
MD5
5335663d40b580db4f6e99e7fed390cb
-
SHA1
c0f99128b5963521746aebe3ebc577176ee3b871
-
SHA256
38660680cd48edd0e2f03f064002c184c9c660f92f09c7d6c16afa83c56cd447
-
SHA512
81f6a47a524b584ce2ecdd3def3bc73bb6aa6bffb96c9d654aea3d2e73920880a6c498c0496439439596ad0395761f602ed2be5d5abe18cf867ec4bfe57c1d33
-
SSDEEP
12288:qO4rfItL8HGE+018zhQsXDnS2Sw7uO8k0pRx2nc7bWmeEVGL:qO4rQtGGC1AQsTrSwlcOncumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_5335663d40b580db4f6e99e7fed390cb_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-01_5335663d40b580db4f6e99e7fed390cb_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9C1.tmp"C:\Users\Admin\AppData\Local\Temp\9C1.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-01_5335663d40b580db4f6e99e7fed390cb_mafia.exe A02CBAF2B8ABEE06A870671EB9E5BEDFB82DACB64B8123CD838BD09DEB38AE09DA6C6C49E8B16C4506DC2AEEE90231BA1E5A2F83E3F51493F835BC6E94E1B0242⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD533cfad07d96f55ba2fa52491c8196e92
SHA15e2962907e1adbf3ef7b644a42e74dac90b17fe7
SHA256c2af2d58c92bb67d77e837d53867a9b79b65908d3dcec64ebac71b8c9eb93ac3
SHA51279fb1143440967783180cc6243321c1264c2ba90aecd7fb52ee848abf23660f316dd23489ced2b107c44090f5fb7f90772831abd5d77fd738ef11f081988a4ef