Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
04/02/2024, 19:42
General
-
Target
2024-02-04_d9d3039970b4de8f0f296f34b18cd2d2_mafia.exe
-
Size
486KB
-
MD5
d9d3039970b4de8f0f296f34b18cd2d2
-
SHA1
ee96702943c5e3979fe30f11c7234a7feadbe4c4
-
SHA256
dda04abeedf62c86a733bfcfb7a5bc845d4ead9f5a39d96028a228893f52623e
-
SHA512
7c8b97b50030ac76670a876dc99e706d27efd2fbfc26f04e11a3b1e04c1e389566e37bea36d139dab562986baaf4105eb93633c988c650ceab6682a1d018dcc3
-
SSDEEP
12288:3O4rfItL8HP/1HQyNibpbrtrMA/aiCX7rKxUYXhW:3O4rQtGP/1HQIip+r3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-04_d9d3039970b4de8f0f296f34b18cd2d2_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-04_d9d3039970b4de8f0f296f34b18cd2d2_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3E67.tmp"C:\Users\Admin\AppData\Local\Temp\3E67.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-04_d9d3039970b4de8f0f296f34b18cd2d2_mafia.exe 54332773B47453D1F704D295C893E476B1AB09922387C10D0B0A8441DBE9A810F720FF4F2B58ED9075D07D983DCCF377DD6CCF38F63342BDEBFD5200C39CC4252⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD552d5d2776394e61c59c27883a69f57a4
SHA1259aa13c3e2ddea3edf1dc4c85f90f0d27b19fdf
SHA25653a2b515c07c2f500c4d28f8c8ab8e8d3cff8a9cbc2781af7f2fd33500b17c70
SHA51246b3b211b647d3259e6bcc3f84334477062301be88944d6024aec58c3042d87f0ee1b5c492757bb05b906811da88ca6b5cee9ff1f789f7b5dd169600d70c98f7