Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
89s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
13/02/2024, 20:28
General
-
Target
2024-02-13_4a476cbf17e67158b6f9196178ddf986_mafia.exe
-
Size
486KB
-
MD5
4a476cbf17e67158b6f9196178ddf986
-
SHA1
e65dc327ec5fc3c019aeb423964827f0994d5def
-
SHA256
e00a6331a594b9aff763a3627e706066c010739e2ce46352d62660b63c8898eb
-
SHA512
18e818e764db931349d002e603075f84f332dcb9b58570a1a2374ddb2ddc2655d6c1ab9b4fa17ae639fb68dc0d9b08cce89683cb5155d0c97cdf70ccb4128397
-
SSDEEP
12288:3O4rfItL8HPsxSltuZA+2fWcs2/9rJButKnlY7rKxUYXhW:3O4rQtGPESIWfWcF9rJY4y3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-13_4a476cbf17e67158b6f9196178ddf986_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-13_4a476cbf17e67158b6f9196178ddf986_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4F68.tmp"C:\Users\Admin\AppData\Local\Temp\4F68.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-13_4a476cbf17e67158b6f9196178ddf986_mafia.exe C94E58EECD6DAC7ED76693FFA0BE8B3176096E2B4C8DD19D3D48C1FFA56350A0099935EAA32AC171F518D6D67E81F4BA9060A2E3E62068F45A45A071C5C07C7A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD55d161509b733aace789f466ac26907d4
SHA1e8931f409725bffa75fb7f553c24b7e39639a739
SHA256b651a444f184e53e37d9b0cd15ef9ac11c329337fef7e9247a4362058661072d
SHA512b97a3240fe3241ad050469fce6f8f2ec9a71371b7cefc84625d37955e7fac163d42052972075e616bb78b507f833426529827054be3d441574ec1bfc1babc284