Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23/02/2024, 06:35
General
-
Target
2024-02-23_3bb54f64202dea97196c448aa33ac66b_mafia.exe
-
Size
486KB
-
MD5
3bb54f64202dea97196c448aa33ac66b
-
SHA1
ec89030d3158ac870cd01063e4181f1787a55eac
-
SHA256
a61d9770821bd05f7f979cdeafe472c2d6d4bbcb8d2d8981088bd82bebaec1e6
-
SHA512
3c74e6d4f54036f7d07a9f974d16f87add4bf01828dc8d3cd0ab13382da23e9649eebd41b1ebb40aaaa8dac8503946a748b570fa91572f9ce0e5dd32b2bc7ba9
-
SSDEEP
12288:3O4rfItL8HPRMHsAcKkRcQtqCRxitrvNwJFX++7rKxUYXhW:3O4rQtGPSHlkaYxY5vUs+3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_3bb54f64202dea97196c448aa33ac66b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_3bb54f64202dea97196c448aa33ac66b_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\316B.tmp"C:\Users\Admin\AppData\Local\Temp\316B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-23_3bb54f64202dea97196c448aa33ac66b_mafia.exe 7EB2D11F4AE3B8382FD179B0D353D1CE36C2A2659A76F6CE2E38BAA0E6E9181D71D9547B49731D079DD8EFC6427E28857E62B18CE951985A63602372EEB8789F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5683171cead2c6adbbbe5d37b56fc8bed
SHA1c0223c0e00db69f95a6a036e4f0dd613c982d8df
SHA25683ac700d6c00123e62abc11d38482536eb5b1640d64f5a9aba817c7fda724e48
SHA51215b5ae728cfbba52e1b19191d46b7f151bffe7362c3f052d4d805975209a1005da6cb039c61ae8f77cec9c9d64a953b47a262fa6ec3687db41b5470535989c3b