Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21/02/2024, 21:43
General
-
Target
2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe
-
Size
468KB
-
MD5
ffd6d0193538403ac923262ec909932d
-
SHA1
f055f84cd999b7ac8163d83ab5943e2a2e1ed175
-
SHA256
934085857436d3dfe0ce86cb589152251fa37ce8edfc68d48a656410d8f3f8d7
-
SHA512
4b2b4d2007b78256959f6d453fc878594731b04f5c74214d7ed2179c9ab4738da27ad785101e755bc3df46c2678a6bfe59ea212aec7843be1cea052a16713e5a
-
SSDEEP
12288:qO4rfItL8HGbtNfBs/7T2owsFv1X6h7bWmeEVGL:qO4rQtGGJsX2bsFtXgumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3811.tmp"C:\Users\Admin\AppData\Local\Temp\3811.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe E6A6DD99D68C9451AF6CF0A9B973E14E92C683AA8D7870A4B364D18D7991909EF1A5789963D9805F7BF9F3365406AA3C2D3F2EF0B812FD4C34C8F2EF2583683D2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5080ab8bc46c01d75e02e53af626e4f6e
SHA1ec9acc888a8ddb6589301b0c11acc834b63eb4fb
SHA256891a71ddb91188934cf8bc837e943649485a79cb5153713797dcb80ac3013839
SHA5124a0bdde8baa62fbdce8d54c9f31c80d64beecd7b55872a71dfd91bb2b9c659a223da5bb0fcde428d4faee642707baff69f374a1a6042e09f4a67a65d25973919