Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19/02/2024, 04:23
General
-
Target
2024-02-19_06bb80bd31b3fcc7183e164834a5e0cc_mafia.exe
-
Size
473KB
-
MD5
06bb80bd31b3fcc7183e164834a5e0cc
-
SHA1
6706400e3a26d79fcf6cfc65e4cb91cb7c4b9fe0
-
SHA256
9e9b50c339c05ccee312ce847e030cd3d58b9115ad4b7ea712402f3ba011db20
-
SHA512
f590f1aeb0dfd03c7866e937265dec19fd9d80b0eb098df6c93a359a477535bb63315de22a78698aec50bb9d47f8f4a60c4ecbf94c18ea0c0aca7ad4341c7a7f
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStsF40LKej6mlylY2YGuB4RNJpKPNS+Vib9SL:Nb4bZudi79LP9jkYhGuiR7MkHwYA0a
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_06bb80bd31b3fcc7183e164834a5e0cc_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_06bb80bd31b3fcc7183e164834a5e0cc_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6939.tmp"C:\Users\Admin\AppData\Local\Temp\6939.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-19_06bb80bd31b3fcc7183e164834a5e0cc_mafia.exe 295EF9DB3C1B7BE79B066CA5339E1A46B15D06492A2978058ADC5CDBC93D47C96F2C2F75868296BEC00DAEDFBEC12FADCB8C854624CAF866C5A7A958F2D194052⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD50487db1d10030a51ebbfe13fd3041c61
SHA10b65b2968ca9b9d75704fbbc5a2477436720fff5
SHA2562a4d27efad912cffaa218b1990aa389328bd5abf92f6d4501a347664d30034df
SHA512698c1d55e66bb76afdfd65eb8ab4bf77589bea07e8d510056c54d0816068eab23405dc34f5fe4252e9de59c7bfff52fc7a9155a9165596419ac1f348efd75580