Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 20:39
General
-
Target
2024-02-28_65bc2eaffeee862960527d73797f72a7_mafia.exe
-
Size
468KB
-
MD5
65bc2eaffeee862960527d73797f72a7
-
SHA1
cd10021b1cd6a7dfe5d1ad2d9018f0be09bf5e34
-
SHA256
b563ca9ac073114f83beaef565b33edf94cf5d07654d9be870bf14939f266e77
-
SHA512
1a7fd6865e2c939575af67973e126b8cc6432135b22f3cdbf6f80885860515478da24f750a8c1f01639b522369bef44c7739d81206b3491361877a730c279f6e
-
SSDEEP
12288:qO4rfItL8HGZoB5Kb8SK9kLS6BMrCRZpjk7bWmeEVGL:qO4rQtGGFb7LS6BMrqzkumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_65bc2eaffeee862960527d73797f72a7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_65bc2eaffeee862960527d73797f72a7_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\17B5.tmp"C:\Users\Admin\AppData\Local\Temp\17B5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_65bc2eaffeee862960527d73797f72a7_mafia.exe 2596252BC2092A6AB5310A009CEB3FE5A46AEB1C82883D1788C8FDFB63C64FD72FC523ED56820C0AD9D8A325CBFC613FC16636DC719614D88694B3B4ECA2FE762⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5fda7d8e5ad81b5bd3681f1d4e199d694
SHA194046dfdabfd451863ffee1a2767aacd0f593209
SHA25699ab0564fb4a8f6888b8ff157d226d7c23776cae6a9e14b966ac9d420aefe4e5
SHA5123a7b2536c08afe65c407127c14a33309d2f2565a51e210554362213c1774cff8bc46abf5bdf883ce4d8a2637f1c9981e1b50c25762cb819cd7ac8e5f73153f52