Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/02/2024, 06:25
General
-
Target
2024-02-29_0bde83cbc25450b0630e0f59302869a5_mafia.exe
-
Size
468KB
-
MD5
0bde83cbc25450b0630e0f59302869a5
-
SHA1
90485f8c647d1cbbf65659cea4a58a4cbd94f49e
-
SHA256
12b5b021d6602ad61b5bd49619727abc07cc07601861bfbb4e149515564e6b40
-
SHA512
8d2fb82e0903cee26ff59facee14a205e01c880edbfdeceff63cf552ede235f4ab2abecc9cf85a9b9bed23ca1e4625b49d71f5ea785361ada0d0e1cd473e2db7
-
SSDEEP
12288:qO4rfItL8HGJmu/gfJbRMrlAyMqQ1pkq7bWmeEVGL:qO4rQtGGIu/g1QlAyM5lumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-29_0bde83cbc25450b0630e0f59302869a5_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-29_0bde83cbc25450b0630e0f59302869a5_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3F6A.tmp"C:\Users\Admin\AppData\Local\Temp\3F6A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-29_0bde83cbc25450b0630e0f59302869a5_mafia.exe A4E98E1047210DE05F4B7CE39857CFFDD0BE9C13269DE99140512E336E3760CF70EC33295D16098A2BFA86B4D947E1EA04DB3A1578DA73AF0DC411A5154A54C12⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5e3b1d2ddc4e7e8ae2bc56be7b132b6bd
SHA111c9bfe965e3c34ac241ec7988cc140f52d67a00
SHA256c5e41ee7a15c139e8ae11be0422ab2aaf1df77cbcdf87c40eb7485497d69139b
SHA5121e0b314c8c3bade356e0382724011b0062705a5c6c1720d868063ea28ebc3a723eda60a7d3c332dedca06e8a98e11074cbab06645b71beff40b1c67c288738d3