Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23/02/2024, 17:33
General
-
Target
2024-02-23_53ed8619e632550c4fcee476819278e0_mafia.exe
-
Size
433KB
-
MD5
53ed8619e632550c4fcee476819278e0
-
SHA1
62bab0ab00cfe5211091d804b9746b206fa47465
-
SHA256
8cd8407c0479411eea09d13d450280ef7772ad0e7e3e45bb28ab0751403f9d62
-
SHA512
7f3a8e9e9ee0014917c2fd6f62f473eebbba9a4e5107529832bd7d6fe866b432fa835c8ffa0c0f80fd5a5bd53959fb2d52dd5168cb48069e0ee11d51c19a8d0b
-
SSDEEP
12288:Ci4g+yU+0pAiv+yMZjdZqcjBVKJ+cnKEbLtTRNa0an:Ci4gXn0pD+yMZjecjBVNZv
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_53ed8619e632550c4fcee476819278e0_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_53ed8619e632550c4fcee476819278e0_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3930.tmp"C:\Users\Admin\AppData\Local\Temp\3930.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-23_53ed8619e632550c4fcee476819278e0_mafia.exe 5901D882059FD1AEDECFE320DA7EDA2FC87FEA893E41A18A51BB8F06D6FF24B56611554341D487BB7E90537D62EA445AD78171E5D3C3736BF36702D042F54C6C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5a8217cad07267b5f28b55b50deb81e4f
SHA1209ed4b15a01f87b8d6312fb2cb8ef4a6d72696c
SHA256bd6fb30d1cf1904c05cf9d04dee64fb7efbe956001ce16d97008ed1b8809bc7c
SHA512ca6cef239b15039d47c6a85a552b536c23c33489a0e0bf71e1dfa66d44b1aacd17cd3864d15c9056437fe5b542958dafbb3c5bc5171c160dff7eb1c34a987a05