Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
02/02/2024, 19:40
General
-
Target
2024-02-02_c3cf5d67a3481613863a15dff10e55d0_mafia.exe
-
Size
384KB
-
MD5
c3cf5d67a3481613863a15dff10e55d0
-
SHA1
240b88132c0f5259696a9e5c03376c1740a48982
-
SHA256
ad618f5396fa85612c5afa2729b57f8da16581bc513a05e607a030c5e34f3e4c
-
SHA512
e8f2330d88cea85756d1adb37b6f8738ec6c135e0ff920c4409546438e16f13da27f25cee497766f3a075844d8c5b031b443bd99cc91b4a9e5fe3a14c82f7527
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHeKnHGRBzT1s+uyz1WEq18j854Ev9c5WQZ:Zm48gODxbzUSH4B6qz1kk85a5rZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-02_c3cf5d67a3481613863a15dff10e55d0_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-02_c3cf5d67a3481613863a15dff10e55d0_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\62D8.tmp"C:\Users\Admin\AppData\Local\Temp\62D8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-02_c3cf5d67a3481613863a15dff10e55d0_mafia.exe 31DF3639EA3E8D144D89C4C1BE022C45025B8C1F584CF36D7D6C5F4A818E76BA0F89B4D23C2CB4CBDE2189E20BB66CC3C07D17CB6DA5976D5B5A434EB80FD9452⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5816a3646e1b0820c787808cd40baed76
SHA15dcf36e023f40e9dc9376bea544a04fef4f9f5df
SHA2561710eb650479be32bdce6dcd4fcb6ba7fe3e7497e5696e0c64b4e266aebf3485
SHA512b2884dc3ff1dae82a8fda449a3b7d9cb437d98d61d7b6a66f83be683355e9f9247a81daa999e842ab6483f291460d6a2c8f508b3e9bf3aebc3d5dd6cdc277d49