Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
14/02/2024, 09:30
General
-
Target
2024-02-14_37536bdf03e65969907365ebe42baea8_mafia.exe
-
Size
486KB
-
MD5
37536bdf03e65969907365ebe42baea8
-
SHA1
0776fea46798aa05fbd82d8d9f260f28ea185fbe
-
SHA256
51236d5062f5fc927f80b1b34504722b97f35770a3e09ce35991c4f07a19db6d
-
SHA512
a5b48eb3260c3f206ce40fa90f9dc65eeb83283b11a74d9e628832206f3a3d0843df820786c65d852363ad163830cd94b66ce833899e5b3cdffbded899dc0b87
-
SSDEEP
12288:3O4rfItL8HPQUxmVfEFc6cxjdc4Z77rKxUYXhW:3O4rQtGPhxmVfEF4C473KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_37536bdf03e65969907365ebe42baea8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_37536bdf03e65969907365ebe42baea8_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\11FC.tmp"C:\Users\Admin\AppData\Local\Temp\11FC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-14_37536bdf03e65969907365ebe42baea8_mafia.exe 8D95593618981C2971902D887A1C4284987A383C30420086E592DA219E6F151A18A3CCAAD5D59C4E08DB10C7E22E189938DAC1CF1A316E29A6B44EC6CD8DBCD22⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5992c233e625505c054875632558a1b5e
SHA1997ce4c310873b7fff2009beea417090bc58c58d
SHA25604195b332daec7bcacf99e04786374285eefbebfbf3c370f8c0e8a317156e462
SHA512f788afb78961f5f9be073ce5ff852d7bf383968467191439e79f04f890a0e3772ac5e7f6ae50c4a832b30663cd2b36fc169e5b8867c4305507a63b0b75c144a4