Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/02/2024, 11:55
General
-
Target
2024-02-18_ab0d032c3f232d48a76bfa3c8f9ce270_mafia.exe
-
Size
411KB
-
MD5
ab0d032c3f232d48a76bfa3c8f9ce270
-
SHA1
4f538259110234bcdcefaa955101929852aba298
-
SHA256
a105c6c6f6d4860e368b95252a648d5e2a8e3b4aade9e0766f4f1ecd5364acda
-
SHA512
a0c463932ea9b33feb1844cde5ee761bd0af8b8a2e962d80315204b63a8401c4637828e19aa8d3e62ec1e38a1d790e4fa4ec05d6559058b800707e92b06ed54c
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFqLnfb119g9xMUrc/sR0wbVqHI:gZLolhNVyEF119gEUoUKUVqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_ab0d032c3f232d48a76bfa3c8f9ce270_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_ab0d032c3f232d48a76bfa3c8f9ce270_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3C1E.tmp"C:\Users\Admin\AppData\Local\Temp\3C1E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-18_ab0d032c3f232d48a76bfa3c8f9ce270_mafia.exe 69F0DCFA532AE1230503D13F5428451C276C251FB135BE8DC85428D910852B306CE93C7C851F01FCC00FA1004E114EEC59B46870A0DA84FF8EE8590B08B24B202⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD5a30415c4083caa2f6185bceb14c698df
SHA17c8926fcc34580c82db71fe398641b1eed56e759
SHA256f634ec80e28569bf684fac3f613741b9ef76ad8a25f98c4febf753b163b496a1
SHA5126f9e5d06cb4ae43c4cf51d284940c7237cb607d8fec7d48f93a7fe59e9476c4c40c4caf90b784934a1dab0be213267efe248663b4cae968cd671f1f0844753fe