Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19/02/2024, 03:54
General
-
Target
2024-02-19_b902834828cf0c9d7ae400d5f5c72629_mafia.exe
-
Size
414KB
-
MD5
b902834828cf0c9d7ae400d5f5c72629
-
SHA1
67eb3acf91ad3aa52a43f8f0a76035c0c0582941
-
SHA256
ed041b1e4a268578eaffc5203856f97d97972aced0977fff201d29c7d472cc8f
-
SHA512
66367e48db8efe88e0e7631f0091132ae76bf007ad132e6547ad2a950110e29a04f2aa5bd5cea383d23d2fc659acdd2195434c4345f5137fc04f7c9aa3748478
-
SSDEEP
6144:Wucyz4obQmKkWb6ekie+ogU6BY8s4uQG4UYoemuHPXsOU3Dn7+K5/Url:Wq4w/ekieZgU695vToef8OU3D6K58rl
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_b902834828cf0c9d7ae400d5f5c72629_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_b902834828cf0c9d7ae400d5f5c72629_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5AEC.tmp"C:\Users\Admin\AppData\Local\Temp\5AEC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-19_b902834828cf0c9d7ae400d5f5c72629_mafia.exe 7FDAA683565261460047FB76745A6BE19FDF39B48067AB356E6182B7B7BD481A22E6823F496C98C378BEEB29C0A318852613AE5274CB9732877CE63AF77BADE72⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
414KB
MD56cf5becad19d6f88e2b1ce5d38d56e5f
SHA172717b84e6cca752eade7e379f886b94a662cca3
SHA2564c9369e66d3e4558aca54a62d3e13a9b6f10ed8827078ce62d356d3373c4f8ec
SHA512958babceba0a0292a83ea1fc66ab42ca4e62e23c3a1184b63669cb95e50378afcc67fc5d5779868351441a87a5ebbf862b7b1d5f641b1d34594a5f83804d191f