Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23/02/2024, 12:56
General
-
Target
2024-02-23_bfb879109ed344daeb7b737171441b0c_mafia.exe
-
Size
476KB
-
MD5
bfb879109ed344daeb7b737171441b0c
-
SHA1
751fbb8f0ed0ad90d66fff2e4f198e7f60727e95
-
SHA256
bc384a1ac8ddaf4fd6e43ca5a909daf142586c508b4391ed12eea423eab97e01
-
SHA512
3ff6c11cf6a9da0afe616e0a3e8516d6b6179ddd62b7ec86e3a19a0e0a3107e9be4831b55044e3addcb180cecf57a9d7cd1e37bde0e730fc80479d92100c364f
-
SSDEEP
12288:aO4rfItL8HRoNXZUsN96K0Bkrw3d3d7K9wlsDpVFd:aO4rQtGRoNgBXd3d+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_bfb879109ed344daeb7b737171441b0c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_bfb879109ed344daeb7b737171441b0c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\828E.tmp"C:\Users\Admin\AppData\Local\Temp\828E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-23_bfb879109ed344daeb7b737171441b0c_mafia.exe D9EF84DE19D1DD306BB5DF51C85321E3E69F8B84243EE2983D674FF1C948181A723D4BF5DB55CDBF269B97162B0429B4B36AEE2189833350488860721592ADA32⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5cc85c8f2560dd17252c4b184160f5b9d
SHA1cb2e1408ad9073d91f62b6883e9144c7927bc7c1
SHA2563aad08a9ab4830f45bef123c1dcaf1b9d635348e390cae2d672b2406f22a1dd9
SHA512490e1c01a112d30dc499845138bb3d1fe70e0ccaad99c29de5d9c3fd7c62bdd569d310d6894bb19da8edc61df57f8bca403e0391b0eceeb1a22b8aed9e5a0ae6