Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
94s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24/02/2024, 14:48
General
-
Target
2024-02-24_d7e1f4b7c5977d58aaf65962fe066711_mafia.exe
-
Size
435KB
-
MD5
d7e1f4b7c5977d58aaf65962fe066711
-
SHA1
e8e3348e7236fafd646abe3762ea3bf892cfc8d6
-
SHA256
9935c462ac42fe6cbfab60fd28e5570c078178d2bfd78a4e8810bf32db6a0e85
-
SHA512
d3bc3562aa77fc6b32a26a4df42224803d37f7d93953c8537b73579606ea7fa042c3a498ff6272b78d046ec654dedb9337f8234c92ff016f5495b2db802b0879
-
SSDEEP
12288:fd4x+ePixnXQjuI/m7lG9rYNHEYCy2wP:fd4x+ePixAjuI/m5G902y2
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_d7e1f4b7c5977d58aaf65962fe066711_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_d7e1f4b7c5977d58aaf65962fe066711_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\36FE.tmp"C:\Users\Admin\AppData\Local\Temp\36FE.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-24_d7e1f4b7c5977d58aaf65962fe066711_mafia.exe 0E7BC7C5927BAC8F6D7278C4551F7CC25636162F9E288857F25BB4ED9777B5609D7C4EDA8F77081216D331E1B1026510C4531E0B1E4706485BA04C5656E872A12⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD589a0e364c3b1862d4b3b39c82d1c086f
SHA19653e3142f05943f191e0c663949db8089ea8854
SHA2569f1976b3c1d36b94d4e4989d2d21b83cb7560bb2694b6942f3e5f454740c1816
SHA5128500936d1c4fa325e9f75764d78e5806c47bae5ac5aabc604ed6981ef27c1e365ad4a3e8ee96ae3db0dcac8e8f5191bb15e4db36a01ea7b570f3d4c82e85c95a