Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 13:32
General
-
Target
2024-02-28_5af729527cba646b2e471824007b14f7_mafia.exe
-
Size
486KB
-
MD5
5af729527cba646b2e471824007b14f7
-
SHA1
64c3b4a4011d33dde00c4cbb65cbd7155651c313
-
SHA256
2aef6eaaa49e0880900e16d6f966cd3c3c78bb4695575775a2b15a10a00863db
-
SHA512
a9347dae3f674b0ce8c3df199821b74e614559067b130953497234ac9e6b5be5fc837fbb162ea9bac682b9794d81b26c0f2d8676d7ad61b726cd941b9243f323
-
SSDEEP
12288:3O4rfItL8HPngjqrfwHrxHDssGYhRzP8q+7rKxUYXhW:3O4rQtGPngjqrfwWuzPP+3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_5af729527cba646b2e471824007b14f7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_5af729527cba646b2e471824007b14f7_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7C32.tmp"C:\Users\Admin\AppData\Local\Temp\7C32.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_5af729527cba646b2e471824007b14f7_mafia.exe 7D8DB342AB66E7FDF6B2D4365546C4E973F4B0223888F5D4DD442B0795F651276BE34657A61F56A898E298A224C7628ABEEDAFC2597F75E6CED815BF566DA1BF2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5f14e93eab1e61bdd0b78ff47e4099cd3
SHA181a19505fcfccdf128dc0d83b6cdabc9d0d6d527
SHA25609e9801c9b2175403b380b538e97ca787db5a7a8dd61d46046b9abe932a84f1a
SHA512245b1ac732dfba8edf05660abc94642d3256bf5d23570fead3a5c36dd5017ec4c6cef63dbb765a97d52abd937ab3f665158378be859e68986cb5c7f42f69eb26