Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
13/02/2024, 08:52
General
-
Target
2024-02-13_f876181d2dcadae6067f34a2f3394204_mafia.exe
-
Size
411KB
-
MD5
f876181d2dcadae6067f34a2f3394204
-
SHA1
cb0f8de4543e096ac4492a5d58da6f2880860cd3
-
SHA256
74e254b705a010b888ae6c54b5ebf69c9f2958442ec80e7c555bda5eb55503ad
-
SHA512
81579006a52612888156ded3009c61b54d6640c83b9f5d24a0935e40b5e114c25b7f5a2116155761a66496e62507f9f2fe969d4c49078f182a5650a7ad664106
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFWVObKuQV9eaBX3OM06cMfGcW6+8rLJGtjHqHI:gZLolhNVyE1+0iA3OM06z1HLMxqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-13_f876181d2dcadae6067f34a2f3394204_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-13_f876181d2dcadae6067f34a2f3394204_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5052.tmp"C:\Users\Admin\AppData\Local\Temp\5052.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-13_f876181d2dcadae6067f34a2f3394204_mafia.exe 0DA65ED86417B21E96C8724503FBA245FEB9DD9D38AC27AB96DF23135763683380BCD347684181D0114CBD7723828436076D4B3EE4D6408272359E49D40CAE152⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD54bb00a32c490f56458791ea2834b127a
SHA1c83e289a9e7ba5c773eb6aa5c339b47c2e26512c
SHA2562d1f782b8a9b352252200acedae70e7b819492eb585b30e979e2177be192efe0
SHA512e1766c5739e66dd42ccdbdf0b76e8fab185c1550d7375fad16fb707ac428fb0675b15724f8060322a896d3f63d04f18faa69a7540576950c5a17776f0785ee01