Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23/02/2024, 15:28
General
-
Target
2024-02-23_a5bc4e67832a561f773b0f9057993121_mafia.exe
-
Size
384KB
-
MD5
a5bc4e67832a561f773b0f9057993121
-
SHA1
da19ddf26a82a3d98b6261121fcc372edc074fee
-
SHA256
c4ba3738e4ae160311cc1369d38785154110a4081604df210d1aaa6d9de9fd01
-
SHA512
f339ffd1daad87cce52e0c155f2d9a0168774943e4fca0d7b84086df6a3584e9a9700d488a313e7b9db30fc582a20fa6368b93fc877045a7082b0b202ab6e425
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hH9bq0DR4T/p/3Zjf5EMaa21RGICnqjpH/Z:Zm48gODxbzrDANsgoGqR/Z
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_a5bc4e67832a561f773b0f9057993121_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_a5bc4e67832a561f773b0f9057993121_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\47F6.tmp"C:\Users\Admin\AppData\Local\Temp\47F6.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-23_a5bc4e67832a561f773b0f9057993121_mafia.exe D6B3AF550B852D156F7C4A7222A886795CEEE51D8398C4AABF7D524253A0F367F694944FF34F41B1C5F31D383C5E2483C426F6903A75A664556B719448AD0E7C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5d8ac9fb03832f8b655a1b4ff466e72cb
SHA1403b600c09372987e00220e8e95a6a2a5b7ebee3
SHA25665c8c597fbfdbde5dccb3e16897ce5aaa758b1610d6a6c966637911bdadb8c21
SHA512db9702598bbbe093b2100cc2c2d5ef6c0e29714ba5178114913e82082fe7a84a84d9b690d6ad1d4fa6aa66921b6c10743981d1c3219736f45879671ff3efa78a