Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
89s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
03/02/2024, 19:32
General
-
Target
2024-02-03_adf94e922f4a23a3bbe19c60b832563a_mafia.exe
-
Size
486KB
-
MD5
adf94e922f4a23a3bbe19c60b832563a
-
SHA1
acf81b6f917490f5c678060b4be45daf4d33de0d
-
SHA256
eb03362c2c4bb69519631ca245272240ce521f7e387b0e5c4b1cab3bf1392b2c
-
SHA512
c8f5313bdbe470ec6644a283e07032fc2289ebe96367396ec0af02d0ef24b1a7f5217e5dce8dc98719946c81d9b9390f9e13b849341755a69ab5281454c7a397
-
SSDEEP
12288:3O4rfItL8HPvpGhj2S2e0Sds2b1bk02Okg1hGk7rKxUYXhW:3O4rQtGPvpGwBQdv1V2Dk3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-03_adf94e922f4a23a3bbe19c60b832563a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-03_adf94e922f4a23a3bbe19c60b832563a_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A19.tmp"C:\Users\Admin\AppData\Local\Temp\4A19.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-03_adf94e922f4a23a3bbe19c60b832563a_mafia.exe B8B2DEBF49587DBE5667212F8063E1244DF56A29AED30E9E1C6C0BC9FE85652BCBD0B9E05722EC470FA491EF90CE93BF35D32D65E140E558640C80008ACF5BF32⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5d437bde45ae316a09aa8b232db8bd4c8
SHA11405ea8a57b293bee98945e23bbf86b8759572eb
SHA256e5ee19d24a1a23a65efde22e0e2586b9be42c3513f09032955e64fdae1bb41bc
SHA5122dfd4212cf9a7876fd1ddeec5df145f0508a701b0675dc8af049c68b5511b779f9397936009f302695b16dd437c747cdb0efd00e8c43114b8a0c632b5fdbcae6