Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
01/02/2024, 20:47
General
-
Target
2024-02-01_a05365c1e647c491bc718d690e7fdd9c_mafia.exe
-
Size
486KB
-
MD5
a05365c1e647c491bc718d690e7fdd9c
-
SHA1
06841d0fddd8bbbc3b8aa69859e1a50a1c618b2c
-
SHA256
9429931f7957f04454b5023e65aacba8c9f17b3d251bd1de8ee0ad0e41cbffcd
-
SHA512
835bda20dc114dd480f54ff558ba0a42bf5b99591da7a2cd16f9f31138a195ed2cc7469158f3fb19150034f5444fb800c20566cc69d8d60498078dd160b1f61e
-
SSDEEP
12288:3O4rfItL8HPkkB3zYW0/TCKh8ylCoAMLyr7rKxUYXhW:3O4rQtGPkkB3qTCKtlCodLyr3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_a05365c1e647c491bc718d690e7fdd9c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-01_a05365c1e647c491bc718d690e7fdd9c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D45.tmp"C:\Users\Admin\AppData\Local\Temp\4D45.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-01_a05365c1e647c491bc718d690e7fdd9c_mafia.exe 568DCF2A2BCA2D16F0924BE57353E2B655C1D48966B65B4B41D247A4D2F5AB784BB8DF5548C1D95B0CC305255653EF375E606B8AB7572A687269A30C0D0052622⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5117493fb9f065f21837f95128da8e2d8
SHA10a0c6e89758702e25f2b65c2c0f0ba4848b7468e
SHA256891427fc5da7e269934747e10a49fc64b4c890f71aa2b8f6871ca7788e382238
SHA5127991f13f97e0e0acb1d9c6fb32af988ae68514bf513169bbfec6f8728587ad426ed410cc61789472e803028f9f07f29a955f5f8f988c1c7e14d8e150c507ebc3