Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
17/02/2024, 11:23
General
-
Target
2024-02-17_0a8d23f13ecf455049564425bbf70b20_mafia.exe
-
Size
486KB
-
MD5
0a8d23f13ecf455049564425bbf70b20
-
SHA1
84489f07d4bb0f59c4828cd1577da2db00cf2986
-
SHA256
1968da6fbb3b0125c468f276c635509171d92104d7430113f031d1f59a946dfc
-
SHA512
2ec1bc96a743f767ea76dc0dd24b74ae9d35518783bf8497927494491691e316e16ef78ce3b86599844ddec5c169b44ca851b584c1cf92c1c1e062f05a654e33
-
SSDEEP
12288:3O4rfItL8HP4OqdmgRbwbsSPXeRX1lshT/u7rKxUYXhW:3O4rQtGPLqFYsSmB1lyu3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_0a8d23f13ecf455049564425bbf70b20_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_0a8d23f13ecf455049564425bbf70b20_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\FA56.tmp"C:\Users\Admin\AppData\Local\Temp\FA56.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-17_0a8d23f13ecf455049564425bbf70b20_mafia.exe C98C9FF38419EBED352E2FC03AD90A57851E1C851CCBA2D783BBF952BEAEEAD9E5B42F945A1C386DE3C3B881CFB758BFED562E0AFE2AA232C170F9DF358B3C472⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD570d90a5bb5dcc0ab3f7a96b0d500dc32
SHA1e2d1890874e59f00d9ff252e1fe66c3c536dd9e8
SHA25624d90ce5718733f47eedd12bdbc4da932f7e4122ff3422c8f2e5b788842df726
SHA5120a6857872a3e5f4151686454116947d1b0bd185684a0b9b03c680aaeee7c79ab75cc1fb2ebbf70c669e900cee8008252bf090908295d05b5536bec8a5fb6c87c