Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/02/2024, 03:50
General
-
Target
2024-02-24_ceadfd27c290d30eddf57eac559de5fa_mafia.exe
-
Size
384KB
-
MD5
ceadfd27c290d30eddf57eac559de5fa
-
SHA1
d5d7c0666f4f7c79050328a814e7502013756a8e
-
SHA256
b94dc65726855a5a0470c95cb4a03dfcec69ba677ca7b6e2da74b53b01afe37e
-
SHA512
95f38a95acac3eb440a16b12f33ae23f4b1d7e414b88ddf84aad527a2f5cb1a3366e5ab13a8bcfe32b448b129df5482bc9bc1cc0ec5a864a2f26e1d0cd38054e
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHws8F8lLhRaQuF6nhiieVULq6Iq6udZ:Zm48gODxbzo89hRaQuFhLF5AZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_ceadfd27c290d30eddf57eac559de5fa_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_ceadfd27c290d30eddf57eac559de5fa_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5476.tmp"C:\Users\Admin\AppData\Local\Temp\5476.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-24_ceadfd27c290d30eddf57eac559de5fa_mafia.exe 4F64E778A3337E9C2586607F692EA3ECF94D0B304867A7F1BB1282685AED5FECB2B41F1CC2BD7B4B534AEA6BBA929BF988753787004FB2942B113BFBF24921422⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD52e5d68820e6779b53adc37b2550af7ea
SHA1c5554678e13581b896968c1e2eb0bfc1858c2999
SHA2564ab0091ebf775a6f6de886540840fa2f2a7bc1e5a811999bf732d90bb0876346
SHA5125c724fb9069fa2dc0fed38f5be4ce99484863959575249fa3401481cb03e697f1aeba043a0665622105d9231a8a510ab3b333ee4efd5a396a1a28e4a745cbab8