Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12/02/2024, 15:34
General
-
Target
2024-02-12_6f579644d1ede01eedbf5bd1745b438a_mafia.exe
-
Size
468KB
-
MD5
6f579644d1ede01eedbf5bd1745b438a
-
SHA1
cde48fad0c76f6d2b9b151a8c29a77b6565a4739
-
SHA256
77b2ca9d0c5adb15356719f2526d89533daa3d824119b7ed406136ba370c824b
-
SHA512
15fa4c3b1d3dc56ab0e2756cb3900b51d6f2db38541764b969a08090ad34d22490f1db0bf87ac7187745900063dfb7c32a87f7fb9976b62438e268207d5df211
-
SSDEEP
12288:qO4rfItL8HGY/GS0k9tKL+BTTUnVonID7bWmeEVGL:qO4rQtGGIjj9tJaVon4umeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_6f579644d1ede01eedbf5bd1745b438a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_6f579644d1ede01eedbf5bd1745b438a_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\871A.tmp"C:\Users\Admin\AppData\Local\Temp\871A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-12_6f579644d1ede01eedbf5bd1745b438a_mafia.exe E2233D9AB142CD7BC04433ED45948EED0F12DEF0146B26B510204F868C88E8FB00E6BBDDBF220AA906EA0DF8E8C2456D9B4609F801B54C48D136B43080DA12512⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD57adbc7145914f365c0cd73290954fc6c
SHA12420c495402fd0bd607a4cf78768e78ba3de920b
SHA25665359ccea26a55b8caa7a9dcec753188fdc124e795401baf966e8b0dff8ed24d
SHA5122103fa96e7074bc00ae5beb8176144f8759ed3465df63b8c9f7cb9ce9ae17f074fe4ed95321ba3a70e07c44ae4d6fa66b2ff18bf922266f1cdcf88929c125dcf