Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12/02/2024, 17:52
General
-
Target
2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe
-
Size
486KB
-
MD5
dada41e3335d946f7687f9fe4820e9d3
-
SHA1
dce7840f92630f464941aa26bf3c2b5be04eb7c6
-
SHA256
4bdfbe867c70423426fe46b02486dc2db7ea2914f4c62c28a5775c9a64985842
-
SHA512
47237b669e476f02a3c927fbf492e5f19fd2db035a311582c37d1ed91773f8acfdfce01374d30a098fcea434cec7ba2ff0491a0c4a5f4d71a92dab079efaadf0
-
SSDEEP
12288:3O4rfItL8HPS8KYSGNhSBQ99idWwp/CT7rKxUYXhW:3O4rQtGPS8KYSGNcRJs3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6114.tmp"C:\Users\Admin\AppData\Local\Temp\6114.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe B3E14BA577E18636113600D3A466EB637A0ABB8A5F08355C3D6CFEBF7EA643C9812FAC794F5CA350CD6CABE95D23E98D21C85EE952D3632DDE922EFB5F44DB2F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5bda0e9603265f58009becb1996d46548
SHA12cc9fb8c7e690fa408a583f9743c80c3234c1b65
SHA25690575e8199685615bbe03b11f4e44af15d00674b0547e497ec2d8511e10f99fd
SHA51278870ed5c49a9a0ed107806eb13e5bba45b9f2816ec23977dbce94d35c94cdadffbd45e202937eebe7045aba9dfeff923f7b7e750815998f15c4d2605b55344c