Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
18/02/2024, 13:31
General
-
Target
2024-02-18_47920c402258e6c1f90510c3c4a16b01_mafia.exe
-
Size
473KB
-
MD5
47920c402258e6c1f90510c3c4a16b01
-
SHA1
8ef17c9ef42bd5fc8fd3fe86b3cd1b30cb35dc57
-
SHA256
788c5dea1bf267b320aa15caa8c3452cb9d4387e4374bbe7d7f2dd2ecbed6348
-
SHA512
988f3924e0d8f5b14220705b002a8278e4bd532df58e3878a78bec3631a8af6056bc2f413680686413d77732e47eb1c87ca48419dc9cfc04c5784d3aa6a79bce
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStsiOhXthcLg2OSLnE9P0+Sf5JJLj3oiXk4Lq:Nb4bZudi79LzRthcLggrE9PYzsJRqA0a
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_47920c402258e6c1f90510c3c4a16b01_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_47920c402258e6c1f90510c3c4a16b01_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\48A2.tmp"C:\Users\Admin\AppData\Local\Temp\48A2.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-18_47920c402258e6c1f90510c3c4a16b01_mafia.exe F0E8301EF726C7373564E8F049A4FF58467E2CB32A5F430EDE4D3966FC6C43DF41C8873624B4EEB3DA149A2B42BCA74E31D3FA0CCEA0E48DFF88B8CD0000B1222⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD551015870bb9553cb724b6e219514ce25
SHA17447ea89cdf8d8a9937122126ddb5054751cdb5f
SHA256db462a36f34db5ba470b2b1758e1877642903ef2890a8c703292423f2deaedea
SHA512c6f422cc41fc865b12f691fe1615b3f4764f3a1e65932da5469d4195ad3ae29d3d002ab4b5ac5e292d82e812c66e13a33a2602b94e3859a24b4ff2f55ff200bd