Analysis
max time kernel: 136s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2024, 13:53
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe
Size: 411KB
MD5: b103ad53b1531a15d41892944a806be4
SHA1: 47bf5a9e53a1dd785e2944e1111250cd003bf662
SHA256: 28a9d67d823e9a2990cc9d766fa53e92d71f826cefcd8ab85d4810d3d45086c9
SHA512: b142c965bdfc52db3c34858b018bf42d732626d47ae16203ac18ef7c32cc98031f7b3b9cbdf8d79a7207785b2329839f787f3606c9d6bf1b18ecc3582e9d1600
SSDEEP: 6144:gVdvczEb7GUOpYWhNVynE/mFQPfomoLu/MUAUVL7J8sQgD6xIR0c391dZyqHI:gZLolhNVyENPf/0UAUhSSaIO41dsqHI
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid: 3076  process: 1325.tmp
- Executes dropped EXE (1 IoC)
  pid: 3076  process: 1325.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid   process                                                   procid_target
  PID 5004 wrote to memory of 3076     5004  2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe    83
  PID 5004 wrote to memory of 3076     5004  2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe    83
  PID 5004 wrote to memory of 3076     5004  2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe    83
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe"
   PID: 5004
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\1325.tmp (child of process 1)
      Command line: "C:\Users\Admin\AppData\Local\Temp\1325.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2024-02-14_b103ad53b1531a15d41892944a806be4_mafia.exe 228B0F615120368606B3368D48F21A83A319F6A7CCBE19FC27D5404A0A8F6C302D56B035BE40E79852DAD7AC90612DE234CA9742546071FE4D9B7CDAE1E531DA
      PID: 3076
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 411KB
  MD5: 898615eb2c32126c11d7d66d1ad974cd
  SHA1: 112b3cbdcb2d2248fef38baa04726c6f1dae8f8e
  SHA256: a4cc306f476089a3b7bb86b14d4ff740c00903be75cecb49cd6cdd99b7662c68
  SHA512: 1865118ae4dc3cb9a47d7956bc53fc57d1f96e9d314101ce381f16d35b10af40df6fb88c3c8992f303583c7e3b68fef4602a7294cfed466890a577ccc39dbfa8