Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 17:02
General
-
Target
2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe
-
Size
412KB
-
MD5
ef962f380254c9c595fae96bb57ad515
-
SHA1
7bfd04224e824338f0718093666468ab8a82e434
-
SHA256
c0ad2f890289a0075b04fc42bfb1c56ac0fb7f940ec583de311e1d2fcaf4f1b6
-
SHA512
a3c46ca0dacd3f1da0802cb9bb8b3e8313514d83d6a0ad1ac5f7326b3a29d7433b9d46ecb8d4cabf5f7fa294ff15cc5ff0ec8dab76b2e624fc7112ff7d7eb636
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnzQWfN0P62spqTHxXQJIM8aVJsR2Nbp+bhN9Jjn:U6PCrIc9kph5BDNz2spGRBR22Djjn
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\978E.tmp"C:\Users\Admin\AppData\Local\Temp\978E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe 900862398CF44D8001059A758DE050DD48EA64461E03C45C51A8BA1826E669DDBF8A59B8F417C1A57DBD6BC51D865ED9C43801D0A4F7DCDD6E0F94250318DCB82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD53bf14414390e2b89ccd1918a422c8020
SHA1777e5286e5f9990f88597b4fcff97da23891f652
SHA256c0cdcf4e4c72e5fa86af79dd7d4c2fb7545976d5006bcb5298d90a747605321a
SHA51226249c08d1a9ee3a5d10972b5f5febfb2e36fcc22ed316e54a536233a22e8e5c509c850b8ef5f6608eb9cbdead1d87408d89bf646c1f2fbbaf780d0318cf32ba