Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23/02/2024, 06:10
General
-
Target
2024-02-23_a7c0306b6fea9db40f2eb813834ae528_mafia.exe
-
Size
479KB
-
MD5
a7c0306b6fea9db40f2eb813834ae528
-
SHA1
abe6a4a5f123b4464a2259f91d81a0e68d7ef86d
-
SHA256
3cdbacc4d6162a3be2cbf359b8ec2e51e00c256df180a118c82aac7921efe203
-
SHA512
248a14ca06b625ba3bca07b624a022065150e312228d98dfaec4f811b7e8545365394eb6a09f9b124332177b506766f0142e3d09e4ee7c24f701671e0fb77f19
-
SSDEEP
6144:b9EyS4oMxIkjxcWqHtg88HARRku7Eatei33V5a2r7sA3u/MN/ZnNvd5dwL75UNY:bO4rfItL8HALkiao/dJt+75UO
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_a7c0306b6fea9db40f2eb813834ae528_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_a7c0306b6fea9db40f2eb813834ae528_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\448F.tmp"C:\Users\Admin\AppData\Local\Temp\448F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-23_a7c0306b6fea9db40f2eb813834ae528_mafia.exe 66C0A1B140832300900F16017A0BA9CF720C7F2A6A58FC2D8265D5FFEFDB787B4830EF3DF26BC56BC6B3DAF713BEB71647E9CE1083E3450F5D2C0D49D057353E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD51a0ac80e8914b48bb2c3a753c38541fe
SHA1f6a9e64c6355614dc538ec4fd90e4eab71380ae4
SHA2567619262268467ab4b28784b34836e8490b387fced976cc21da4e81c4b3fddf66
SHA5124b9f3710662acebc369afe60e92788a963f0f9a984e19ff2e4260b3ede2b73b2d6dc397cb4ab1e4349f786ca58cbb93cea927d5b5b1a3b3c5182900c0482e1b7