Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
11/02/2024, 17:25
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe
-
Size
384KB
-
MD5
1ad07e660e5a4658227789c3e57c04e5
-
SHA1
37fb9b44b2912fb43f9d0ccd1ec764023c3d46fc
-
SHA256
42f649bc493954e50eb17d37fb5fd917272fa224c22d5587edb3cb87c52e7005
-
SHA512
08c225fdc4b57a5ee19e33b3bd74f58f6542d4d6c102ba39ed24357448f6075a7d1d4347358ac039525c68d28fc24f823ae5e4baab81136e3ec3e7053f1dc5fa
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHRYN5EYvlyVjvhCQkLRvJAYLQagK7e431tRZ:Zm48gODxbzAN5NsVVCQkYYSKiEhZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3012 1E79.tmp -
Executes dropped EXE 1 IoCs
pid Process 3012 1E79.tmp -
Loads dropped DLL 1 IoCs
pid Process 2512 2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2512 wrote to memory of 3012 2512 2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe 28 PID 2512 wrote to memory of 3012 2512 2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe 28 PID 2512 wrote to memory of 3012 2512 2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe 28 PID 2512 wrote to memory of 3012 2512 2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\1E79.tmp"C:\Users\Admin\AppData\Local\Temp\1E79.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-11_1ad07e660e5a4658227789c3e57c04e5_mafia.exe 3ED627C2CFFEE29FA245712426E26CBC634BEDFFA7425CFBBDC7030989287256BC248C9E387491D651235929F78D7F5A1A6571F2B7138EE31A6173B789E4ACFA2⤵
- Deletes itself
- Executes dropped EXE
PID:3012
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5cb3a8f36cac4589b9ae8d24e6e312d6a
SHA189ec65526ca3a958d76a08817231a9f119531654
SHA256ea12597efef874e93b321f2d5a0aa5abcaefcc63100df05fc026abae370e67e0
SHA51233f53fff7f34bed4796d04e1d8146147bb9d7ad3488a215fad84159e7d4716069062ce215e04cec02a3c58097595fefb6f8cfc9d0304f3e0d88024ab0d1f21c8