Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24/02/2024, 17:47
General
-
Target
2024-02-24_6efb820162c47222f050c26ea6c2ba3e_mafia.exe
-
Size
443KB
-
MD5
6efb820162c47222f050c26ea6c2ba3e
-
SHA1
2082004eca07fb0f71f0447030aa00ab66486540
-
SHA256
e8054da4d49c57f08a5714544204f7923e7f39d07169b4aab3e480a8d947be56
-
SHA512
1bac332b9a1a15f43695696c8a62ea8bc4fcadc7e11171112dc9df0ea84e5ef4a1ab3d74c8e7c3764410117753a1ead6244a78e377a6af039828ae0125749e8d
-
SSDEEP
12288:Wq4w/ekieZgU6yAI+oejXSmoRlfSLPalMa:Wq4w/ekieH6yAuebtorfgaP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_6efb820162c47222f050c26ea6c2ba3e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_6efb820162c47222f050c26ea6c2ba3e_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\69C6.tmp"C:\Users\Admin\AppData\Local\Temp\69C6.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-24_6efb820162c47222f050c26ea6c2ba3e_mafia.exe 10E0584D748260C83B134D9461F3CF2C494AAFB75B84DE12E86D7D9469D863049AE45E2CFF24AF085E716D2657374C997E0A8D94EDBD723B1BCD30D8F6A8FB0C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD516e70e6232e2c61cff67079a141af125
SHA1c54ae05faed287079bfbf5243dc641b18c90dc27
SHA2569961ab76c6be1d91c0a5a25497929f16a331d6ae309d93d33f2c5aa580abda8c
SHA5123773a23c88f93fb3e6d9028e5f6e8c88a14db708b742f6ee20044d4bfb387617ee59de7593708fd78380e3d0dd0b833062646902e509dda259fb47aa8757b8c4