Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
03/02/2024, 05:42
General
-
Target
2024-02-03_d41836452041f3b6cc22c2e45fa3e43a_mafia.exe
-
Size
433KB
-
MD5
d41836452041f3b6cc22c2e45fa3e43a
-
SHA1
e2ab2ef3547b069149711ed210ab970e92247edc
-
SHA256
094907f9da90f5101643e9bd29d07bf8eda3e53db9f58f2c3462cf79c4ee7424
-
SHA512
04ffb1ef65431f35d36feb7b4e966d7a754423dffa760a550b44c67ebf2aa47bbe234298f377416ed6c4c37a27cd50ee01452026cff6629426b56789dcb79fa2
-
SSDEEP
12288:Ci4g+yU+0pAiv+kQJy17eEbotkPBWti5P/hyVfjDYn:Ci4gXn0pD+nJebotkn5xijs
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-03_d41836452041f3b6cc22c2e45fa3e43a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-03_d41836452041f3b6cc22c2e45fa3e43a_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\13B0.tmp"C:\Users\Admin\AppData\Local\Temp\13B0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-03_d41836452041f3b6cc22c2e45fa3e43a_mafia.exe A625B0D685A6B41F4DB54D5119891196F84FB40D3C2FCC39675DBC6E3DDE2D0B8C1A4E4B525899378A4460FE1A362ECC27C6D35E8B815083BD0DBB4F8040C0882⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD56d1dce5dededc787790a28bbb354897e
SHA11cdec3256ee0bdc7515eb55de31e66e2d0eb8b79
SHA256109808c7736403d57c8b0a946953dd9c6b227d95340911d67319c1fd350e7c99
SHA5129f3f236e2245f65259e150fd8a87177d08edee3f4749052a4e373aa92464f0ca338e681e549f02c1a243e264308cc7c17cc10c64233bd8649f3ddee16672f7c2