Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/02/2024, 03:36
General
-
Target
2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe
-
Size
486KB
-
MD5
6176dff3670210a108487adb9b0724a6
-
SHA1
46887a60ed337521d6a4202daa1c7a73c4afc1c6
-
SHA256
cf9e0e5c359e1302f470ef5f175198ac3af7c4bcdd94570319026860b59f8db5
-
SHA512
9f914b097c217053447dd3fe040f94a1a2af08f31bb751239f7a876caffe33027ef55ec4d38471f74a6aa0fea984b147ca39e9b94d4dcd7b8eb6699552ecf7a8
-
SSDEEP
12288:3O4rfItL8HP0nX7y89O7IHbi/kxHpwzaN7rKxUYXhW:3O4rQtGP+uikIH3xHS23KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\80D8.tmp"C:\Users\Admin\AppData\Local\Temp\80D8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-18_6176dff3670210a108487adb9b0724a6_mafia.exe 11573A7362A62D9322D5C78625F55346F2B85B2C0E0E6137FFA54415B9C57BA15B72EA78A23AE4F1D6B3BACE153C324861F67E179C495FD3F81B4E0471C93EDB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5f9d339f07dfc0574513b7d88a7328d97
SHA16a9f5c7396b8d319591d13df07c3ac4a67dee9e9
SHA2560bf464a0a18cc0bda11d979c406d3f90dc5167a3e1867f3230da28d5d08b92c0
SHA5128d1c098be958def4d29fe79420ce0a3c55b4f8e156ff441c21988683f994cf8ce83a86395e7339cc2016055cc6423a43d2d1f0a4e916634351ff55861c681b75