Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/02/2024, 03:36
General
-
Target
2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe
-
Size
486KB
-
MD5
6176dff3670210a108487adb9b0724a6
-
SHA1
46887a60ed337521d6a4202daa1c7a73c4afc1c6
-
SHA256
cf9e0e5c359e1302f470ef5f175198ac3af7c4bcdd94570319026860b59f8db5
-
SHA512
9f914b097c217053447dd3fe040f94a1a2af08f31bb751239f7a876caffe33027ef55ec4d38471f74a6aa0fea984b147ca39e9b94d4dcd7b8eb6699552ecf7a8
-
SSDEEP
12288:3O4rfItL8HP0nX7y89O7IHbi/kxHpwzaN7rKxUYXhW:3O4rQtGP+uikIH3xHS23KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\517A.tmp"C:\Users\Admin\AppData\Local\Temp\517A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe 5D4226A631F28A2A9A5B94020FB553E296B5D2B814E758410B9938A95737D1F589A89DCFC55E511798A38B2F3C34A2ECE7235821452352C7E8828CB8214DFDDB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5869520791794c88eea6464add7665f2f
SHA13f6671add399d94b11bcacaf4e69c13864bf7d9b
SHA256371a1a4b0ad9c0adcbd1f8565348af40c5dae3db9a853db77f0678a7cc333ec3
SHA512423949619a84ecd293b4e6aedb73e0c18419fdfc1bb1a363473381964e73823fc6ce34e44406eda131e90d6356001a003570237d0260ac515b075861ec44b5eb