Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23/02/2024, 05:58
General
-
Target
2024-02-23_7fea89bef5b03515de2cea46f8a0b521_mafia.exe
-
Size
613KB
-
MD5
7fea89bef5b03515de2cea46f8a0b521
-
SHA1
80450351ff6539202fa01f75366cbbe6e6e0305f
-
SHA256
e831daeaa3dad7b25f14c86a86a76859ad4c933faccdf4bc9bf2bfa4570fe7d2
-
SHA512
993fb613517cd6f68aefb53cc2e8b44084a8612f49e6ba117b98e7d07aaa0356998e53830da3135d16d2411efec718a6b06c7b12acaeb20ba2c81bd17bc96f0f
-
SSDEEP
12288:XO4rfItL8HPF5wk++lwKKiH+1ow+Q7Q8mO4rfIt+2:XO4rQtGPF1PRe6w+QdmO4rQt+2
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_7fea89bef5b03515de2cea46f8a0b521_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_7fea89bef5b03515de2cea46f8a0b521_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\327A.tmp"C:\Users\Admin\AppData\Local\Temp\327A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-23_7fea89bef5b03515de2cea46f8a0b521_mafia.exe A46EBE04DDE5EC703745F9B1568DF9BCB616B1DB043F26FD8B6217722D8E2EACCBDF234CC40409647B26B41875BA57D216B50F757BEBACC9597124B565D8D20C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
613KB
MD5f63f96ed6249eddb187e0eeaf8a44e23
SHA186153a7032c8d9c0d012020f0b2d00a0a2d1c5ec
SHA256422250edb0f4dcdcc1fde6221c77855dff49827d670e8d4c40e17fd332e121e3
SHA5125ccd9f1d4f81a9347d5074dc2a23aaf52b7560c5936a47315bdc7cda1b5ea56e1264cfeedb45ae5f692d78d068d746167018c133d218df0aa95e3ae4f3aa7196