Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/02/2024, 17:02
General
-
Target
2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe
-
Size
412KB
-
MD5
ef962f380254c9c595fae96bb57ad515
-
SHA1
7bfd04224e824338f0718093666468ab8a82e434
-
SHA256
c0ad2f890289a0075b04fc42bfb1c56ac0fb7f940ec583de311e1d2fcaf4f1b6
-
SHA512
a3c46ca0dacd3f1da0802cb9bb8b3e8313514d83d6a0ad1ac5f7326b3a29d7433b9d46ecb8d4cabf5f7fa294ff15cc5ff0ec8dab76b2e624fc7112ff7d7eb636
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnzQWfN0P62spqTHxXQJIM8aVJsR2Nbp+bhN9Jjn:U6PCrIc9kph5BDNz2spGRBR22Djjn
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3D09.tmp"C:\Users\Admin\AppData\Local\Temp\3D09.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-28_ef962f380254c9c595fae96bb57ad515_mafia.exe 02DE70BFEE65CD42E9B748FC20B22C07C7BD472BB982DFFC1CBC37425C465639357EFFCEB4AF26A6B9217697B7468BC1FF2B42E990CFEE304EDC42312211A5A62⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD53804bc126570dcdab95b2d825a40c53e
SHA14c5a9b554bf1f0baebe8e45ed6703d2681e69c56
SHA256797a1b751fdd96be854a7330a855e4da5bd83a2c9700b91bcfde6e7d67bc1be7
SHA5122999f1bdf1eced0569fc6fe3af090043b85ee506e2b213fffa2aa3b18858e83952e5eb2d395558ae2fc9d0cc59db734d1cf6a23b8215f51c12a55608208a8706