Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
02/02/2024, 13:22
General
-
Target
2024-02-02_067a3b1fdd293249d83e20f4b7db7ae7_mafia.exe
-
Size
384KB
-
MD5
067a3b1fdd293249d83e20f4b7db7ae7
-
SHA1
a884b32d9cfc226638b47ac40baa038365efbced
-
SHA256
823b22061c33d68a17bc55d780b2bdd97fee8ebfb6190cb58e55d22df9ffcd1a
-
SHA512
7bb9fa418ef7766004233b8a2199b642d10a09180271696d1cf80f33b05f5b00568f7d7d0f8e732476c4d5e520bae2d67f0edc69a71943eda6b8203079f3154c
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHBb/A1MX6oqGuunmXBIp8XlPkxDnbbr5n7PAQIyR:Zm48gODxbzPAOVu3RIp8dmbbNay4WZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-02_067a3b1fdd293249d83e20f4b7db7ae7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-02_067a3b1fdd293249d83e20f4b7db7ae7_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8D4C.tmp"C:\Users\Admin\AppData\Local\Temp\8D4C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-02_067a3b1fdd293249d83e20f4b7db7ae7_mafia.exe 642C057E43633E66BF7765A1C7F5CA1F51FCC26689D89907A1954E7E05F3310778402F62F63F82D952226073D6143B04CA314485E84CD5EBE1FE6EA3286FFFB42⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5d59335e6857ded7c7cbde325050ec566
SHA11653a10c32205e92ba56062febf8184b386fec71
SHA256c288023e568cef727d12656525d6d4c5fffa1d60867e22a9e8a41c684eca8805
SHA512e91e7838bc1f8409f6f9335e0cda2b4aeb92dcecaf563d37074a11a8a3d9383642668ce65e838c89efc42b81dd517d2d954d629ad587b01020280ffacae61b4e