Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 22:26
General
-
Target
2024-02-28_67aa2fa994ca4d6d91004c1b3343ae01_mafia.exe
-
Size
433KB
-
MD5
67aa2fa994ca4d6d91004c1b3343ae01
-
SHA1
8aa47c99be81539c78c0e80cb3a1e6d4fc7ef46b
-
SHA256
5a8bf0022290971f6a554147c4ac9e06d0984383fe27f921980816e2d1a45da7
-
SHA512
c8294dd76d88c021339b59599cee21ed336972705abea1324c51341f87b45cf642ca7818f71182f7b1396ab066f6fd5839b710563c0a755ae3c54e2035e3f3bc
-
SSDEEP
12288:Ci4g+yU+0pAiv+VvUxAZPt4zHVCOUUvUOg31p6tudn:Ci4gXn0pD+9UqZPK3fve6o
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_67aa2fa994ca4d6d91004c1b3343ae01_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_67aa2fa994ca4d6d91004c1b3343ae01_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\59A4.tmp"C:\Users\Admin\AppData\Local\Temp\59A4.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_67aa2fa994ca4d6d91004c1b3343ae01_mafia.exe DAB7FD129C0D5E04D71574189239C54BA16264FBE359626EF6A82B2D2F64963CEF49DC9068C5F047391EAEC37CD032EE90804B435C1D739514CCEB02748B55142⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5d1b42676754e427ed206f0a8f12ca758
SHA1a5d2295da7788cc04cc47bced2237ccb889959a6
SHA256e8466352cd6989a5456b42b3f0ed91030fcbf4bc910b545a0fc677d8d269427b
SHA512089f90cb18d72731918193eabe22d1e6843d22f31efdf1d9a741754d5e4b24b29999676f863d03c386854d5a2b4d56bc75a82a3f7fc8765dfc727c90dd4e220c