Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
14/02/2024, 00:50
General
-
Target
2024-02-14_ae5b64e717e425c7679bb8d836502a05_mafia.exe
-
Size
479KB
-
MD5
ae5b64e717e425c7679bb8d836502a05
-
SHA1
10d26252654fe9c00cf4a06aa2f3600526dcff2e
-
SHA256
560598fc36f7414b529bb1f8fefa5abee086f7542930d908e6ac25c5de403ef5
-
SHA512
be992f9ae3d2e9bcc0e4991ed04e093531261bbaf9ab6f3e92c721a00107bfcff54e19208393cf17fc0650c9ea17d47458a9307606cbd0ac639e18624ef00d7c
-
SSDEEP
12288:bO4rfItL8HAc+n9Z9VqjcGAmkS3RUP+RtyZ75UO:bO4rQtGAci9fM/eEdiZVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_ae5b64e717e425c7679bb8d836502a05_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_ae5b64e717e425c7679bb8d836502a05_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5275.tmp"C:\Users\Admin\AppData\Local\Temp\5275.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-14_ae5b64e717e425c7679bb8d836502a05_mafia.exe 64AEE6668F71B80172BE7B7DCE0030A7507DB774A60B8BDA0B1C9E4703652A25DB3980C4502130E9F4A7C93611F6B113AB169D949550CB713CBE1D76D6B325C62⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5f993c61690c8d0e08ec57bab9c5cd567
SHA162ca0dd591f24d5e5cfce475864532e85dc296c0
SHA25611dd69b3046ccd313943211a492d3865714e07ab85adf7e17fe3632f5f00d1c6
SHA512d5c183705144c1e302a5920043a87573dc44697527d8221c71e5b594a027f271ac5474350db895a5a6811a490999084759044ba5234cf3346468a1c0239e5847