Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19/02/2024, 08:56
General
-
Target
2024-02-19_db2dfdb8a362e30b8e480afb956acf01_mafia.exe
-
Size
473KB
-
MD5
db2dfdb8a362e30b8e480afb956acf01
-
SHA1
afc04bd640dcbef0de30abb539f48e7c63e1565b
-
SHA256
e0b40628744de922ad043e7f5d720a719a1b43e81e6110da9e79ad28f38b0593
-
SHA512
e90bfccccfa2c6d141188ec8f89f01827752d599125cf4714e37b61f7daad6bd00d17799055edc670dfb19081b9c2f570d2545b1ba08134461864b86b6b0929c
-
SSDEEP
12288:Nb4bZudi79L7++UoZ3qMwipzwQwGyNveMQA0a:Nb4bcdkL7Bv37xpz2eMD
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_db2dfdb8a362e30b8e480afb956acf01_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_db2dfdb8a362e30b8e480afb956acf01_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7762.tmp"C:\Users\Admin\AppData\Local\Temp\7762.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-19_db2dfdb8a362e30b8e480afb956acf01_mafia.exe B85FC99AE148258F2FC375CD44033E29109FE5472EA5FAB5D25BC441AA8B42FCAE6709455040BB4859A2A43FF1EE73780AADBC4AB418129E39051CB53F025DF32⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD56c726a1fc0e1447fe31fb11d96d5b7b1
SHA1a4504656cd4a7a0e0b4c8d33f690e8005fef3b64
SHA25620124697972f886cde84b227391954661e7911826fdf7d2a0a290a51c29da5c3
SHA512bc5aef103ad979d602a32254388b7699a843684cc05d6e29886f1768dfefe7b98187286021c6d4ae5dd48e8752a870d5a8fdcbf747a6079d0967eb6a216682c3