Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/02/2024, 14:33
General
-
Target
2024-02-18_54977ca0b10e03be5018da24c3ca9dcf_mafia.exe
-
Size
433KB
-
MD5
54977ca0b10e03be5018da24c3ca9dcf
-
SHA1
7ee6188d8dbab955f77e8f5bfc98058c96873d3c
-
SHA256
cb72f40d569dfc6640594d8ffccd3b10caf757fa3240e72a81d99f959acc1232
-
SHA512
454256843351c61cc9d9c39498b33b49991e4f8fa04828d470727a3c9791b8321609c06844af1394b563c7bdd23065c49a202b8ad68de9dbbc54fa4a87cee533
-
SSDEEP
12288:Ci4g+yU+0pAiv+p7vOe+ob9UGN+PZLRyDuS7+WHOHdGn:Ci4gXn0pD+p7vOe1BUGN+xLk+c
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_54977ca0b10e03be5018da24c3ca9dcf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_54977ca0b10e03be5018da24c3ca9dcf_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7000.tmp"C:\Users\Admin\AppData\Local\Temp\7000.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-18_54977ca0b10e03be5018da24c3ca9dcf_mafia.exe 665D7A32017240CFAAB7ADBFFA376A94466E5653C42746FE62E13C5CF3324A6C91B4A8446DA8E2860E6CDE7A6D38A02F9E2911E65426F9A1960D49AAD0B0B06D2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD58431c6faf3d7f60b05db553f18dc49da
SHA1a82b4767d0dbac233a50ce60fde060f23c8a878e
SHA2565812f18e1cb8818ce821c23e63ffe3fac3052635e9597c15146b5658aa3e5221
SHA5120e57ea56fd9891259bb8ded5fc5410e9f6b27f7e86982f3dc5d1c4bc42b1ed8f752bbabc27ffc147de396a54e8f87a808997c7ce47ef6a4b2ebdb8e32ddfb863