Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
14/02/2024, 13:53
General
-
Target
2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe
-
Size
411KB
-
MD5
b103ad53b1531a15d41892944a806be4
-
SHA1
47bf5a9e53a1dd785e2944e1111250cd003bf662
-
SHA256
28a9d67d823e9a2990cc9d766fa53e92d71f826cefcd8ab85d4810d3d45086c9
-
SHA512
b142c965bdfc52db3c34858b018bf42d732626d47ae16203ac18ef7c32cc98031f7b3b9cbdf8d79a7207785b2329839f787f3606c9d6bf1b18ecc3582e9d1600
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFQPfomoLu/MUAUVL7J8sQgD6xIR0c391dZyqHI:gZLolhNVyENPf/0UAUhSSaIO41dsqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1F53.tmp"C:\Users\Admin\AppData\Local\Temp\1F53.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe F8D19C60222884585002C862011B74188475533CB63879BDFAC56749A110602A2E644799AAA0B8D963B9ED92C9E3A11D943A5AA8A105D3A1F8C14078BDD35BE42⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD5c89cc253c93a1373df92ccfd27e77880
SHA110bb2249a46eba318f7ac659ee271876bb038cf7
SHA256889206f0edcc43614c3de4a78f142fab06d0fb627cd5f74497d59b3ed81a86b3
SHA512d84af53070c012cc83dfb524fa1dfaacb74863e5160cb42dcb75974c94640d912276ebaad7bda5ac86b510514c0925c2e9027bbb252721edf4ce2cbe077c1cba