Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
17/02/2024, 17:43
General
-
Target
2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe
-
Size
476KB
-
MD5
bd97dff96636e4a80726e836f950a648
-
SHA1
610a622e6d9db653a82899daaddbf0efd0812a03
-
SHA256
8878f759d9c8e2cc2463d0ac42664cc6bf61869899d8e695bdca92e121183292
-
SHA512
f17556a2f3022c3bcfd070d91bf67d27ffec459cf6eeb05392bd692f7d2065ce70eea1240da52bab76e2bcd92a01f572210106ed037e430c52ceec487c96e66b
-
SSDEEP
12288:aO4rfItL8HR+0QEPjQCCG2K60quFwi0koIV4Q+7K9wlsDpVFd:aO4rQtGRrDPj3g7CkkoxQ++9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A9EC.tmp"C:\Users\Admin\AppData\Local\Temp\A9EC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe B222CDDB47DEB59FF0A17D64C1262EF0D67BEFFEFC064197CA0EAEAC86D364998D6528AAC5F70ACC9FAA3E892C52DC4D27E730FDCF11EAD6AD4FCF40F843A9372⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD500b55b1491a89c2022e3cfc59a635877
SHA17ac69b4d9101a2d75f919083f7153fe04e178751
SHA256af50de44ffff92787b6f1c6d6358408301b722d63adf75a615ec16753098cfeb
SHA512e8e55dfe73a6ba975f1d928da6b17f129aa5e87c6d70ff400dde5caf1837bbaec11314a414bd8431711fd0771f6fe83781bcc52f53281eadaaa329035e3b00e6