Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
22/02/2024, 23:31
General
-
Target
2024-02-22_95bb6d398dbd506d3ed55b85862f637a_mafia.exe
-
Size
473KB
-
MD5
95bb6d398dbd506d3ed55b85862f637a
-
SHA1
d16905e2e1c3d9bb2ab835fc82d0455ea1b61f2b
-
SHA256
a1ca2fa640f355e0c34174dbd68ebbd3813e20d30118d49bd2fb4b896746d1bf
-
SHA512
1c8819bfd9c388b1f606a1fcabeb5851e0378c982c38a12e1b980783771e5b6c33962a2f18cea5912a573583722279ca77a5ef7ca0189c7dcd22f7dbc82da677
-
SSDEEP
12288:Nb4bZudi79L8LwhHFuFeZEduqHtkAbkA0a:Nb4bcdkLyw14b9H1v
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_95bb6d398dbd506d3ed55b85862f637a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_95bb6d398dbd506d3ed55b85862f637a_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\537F.tmp"C:\Users\Admin\AppData\Local\Temp\537F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-22_95bb6d398dbd506d3ed55b85862f637a_mafia.exe 696F2EED37A11590C044146A565AC1F63B261E1F387788ABE4CAD5B2A7D4BF8529E5D9D71DB44AC51368619F0871A5453F6FA6237B1F87C2E710BD10C8E851C02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD5b0a8cd638ac02ee1728e618e86866cd9
SHA1d8d5fb2974cc6b48ca766218e5fd5e975d769ae2
SHA2561db2fe74d51b4e279f71a01f08a099c06636703aa9aee00f5d3e04e9a4549b1d
SHA512e176514a081ea403d3ec6706a18cd785335f18be3c5559f6d2603dded06c851e14f55430456a7b83be5084d49cde798ef9335a5c4d2d55a092668e41a7fbde75