Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 09:44
General
-
Target
2024-02-28_908be846d9e6156cdd533aa1fa05bc12_mafia.exe
-
Size
486KB
-
MD5
908be846d9e6156cdd533aa1fa05bc12
-
SHA1
d90f727b05f9fe1353cf8bed3f66c5678e2b1a2b
-
SHA256
fc038c1df7f248324718a93b726ba98da6f97bae2d78242b11ecdb8c78d41777
-
SHA512
5bcba4f1ba76d406cae0dd4f427fbf5b104bce8fa9711f25ce651193561b5f18aaf2995c311ecfaf75f76a2d47dcfadcbec44beee8a2388d16347821cd37c5f1
-
SSDEEP
12288:3O4rfItL8HPPcYX2iN7+ZaRoto9Rta7rKxUYXhW:3O4rQtGPCiN7qaRot0ta3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_908be846d9e6156cdd533aa1fa05bc12_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_908be846d9e6156cdd533aa1fa05bc12_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\80C4.tmp"C:\Users\Admin\AppData\Local\Temp\80C4.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_908be846d9e6156cdd533aa1fa05bc12_mafia.exe 972B8CBE73B91C08976625965A48BBCD745EED31816F8ED20029B17C02612393890163216FFC7D8531850D132E90E42C2409D78A2F83A41FA591BCADB6412C7F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD523edacca7cecc985827b1e73086ad24d
SHA1a060083f4a372af2fd669231d3b3247d70420195
SHA256bd8e5b4252d75bfcf0fe91c4627d08dbf76d9e7d4eac5a90f7ec1e4214fb5c95
SHA512de8e20e5da80e2b397227878209b27c106492af47a7d302985ca6b0a146f3e47680bff0e60cc2308b574f1426f2f6b34b7aeedd669476c393a1b9b687904a0c5