Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
03/02/2024, 02:34
General
-
Target
2024-02-03_b63ead1ebb713c0963bc9a2771346300_mafia.exe
-
Size
479KB
-
MD5
b63ead1ebb713c0963bc9a2771346300
-
SHA1
ceea59a7c03bc26c0c51571694be1f14791e5b5c
-
SHA256
9d1462465bbbc74634f48963b53ffda7e426a95011909a6f0bc99faf51f7bd48
-
SHA512
02b65d4297a23cad48f03d403aa5a2fe01d9ee8bcbf0ceb27dffdd14ee1102d998a9eeb009beab5f683a398bd99ab8a854fe68c1917a1d08b7076636fd846585
-
SSDEEP
6144:b9EyS4oMxIkjxcWqHtg88HARRFnzn8cm2kshQaWaQ6daBcNgl4GTPW+3BUzsEf7z:bO4rfItL8HAhn8l2kcChP37K75UO
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-03_b63ead1ebb713c0963bc9a2771346300_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-03_b63ead1ebb713c0963bc9a2771346300_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\50DF.tmp"C:\Users\Admin\AppData\Local\Temp\50DF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-03_b63ead1ebb713c0963bc9a2771346300_mafia.exe 7612FD79AA6C61EC53A7124BA45137E24B71E4898570E0AEBF11BA18A666C4FD681867AEB830A52D0568FFF7EA30D02FC23E8C57DEFAB8DF8D5077C69391A50B2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD58c691ac17cecb7c2338fb7bf5c7bccf9
SHA12ea4b7a877e8d319a14e1e0c1eff2c8b465fd754
SHA2560bea28d6743b99adbe52d005fdfa39407b83f9bdec25b5b0d09eae21ed110e9e
SHA5125236b0cbfa35ecf57cc76ba73eedecdc5d00bee1ad83ea6163e281acff448928e0c1fae690fa148ce8f4d8d94cbc3110dd127509b03d01ee89c7937a3088d98e