Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23/02/2024, 05:54
General
-
Target
2024-02-23_72670217e58a686e2a66cf38e73340b3_mafia.exe
-
Size
435KB
-
MD5
72670217e58a686e2a66cf38e73340b3
-
SHA1
5a57dc62d5eef673e9d1a9a594f1b705631a60ea
-
SHA256
f95ec57628a0a499f7fd753945216f1a5f14f6a809b055d6149ffed33d7ef5b2
-
SHA512
1858331e5d6263355a31e432986fa0ad142fb6a3ab6b817b8bd77f73ddaf67c8c0b2033eedc1787126ebb8382094122de5b10dcd2dd12ee954ec5b96e309877e
-
SSDEEP
12288:9W4ufepiqKQ1mwfY9Hj65Sfp6M5VgdnHUZxpaJolJ:9W4ufepiqhmwQw5SfpjidnHU3l
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_72670217e58a686e2a66cf38e73340b3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_72670217e58a686e2a66cf38e73340b3_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3D20.tmp"C:\Users\Admin\AppData\Local\Temp\3D20.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-23_72670217e58a686e2a66cf38e73340b3_mafia.exe 78451F1D3CA13974ECB1A6B9DD6617E49E940BFAB3D0D5388F0BA2EF515A696BF860779306BD41E83EEC53ED6359D80E304222A728BBF9D27E268AB1AC7D95A52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD526cdb8b74d7e687cffd36579ec1b3c6e
SHA1063db5c5fa6dc8aad05f6dbc72906ff670eed23d
SHA256d4fec4c2dc023b64ac215e3e16227043ca88354366890022a61109fcf24dca5c
SHA512c420f651a10a5ce4a45da04d132a674aff1e5f3723f595f59b89e6e4382c42fdb37d50d4a30c16b76cdae61b6a9a7ed403fa9bbeb7167857a63896d1abe58d92