Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 21:39
General
-
Target
2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe
-
Size
412KB
-
MD5
7bf4c7492a5a5343d8bcc65bc2f3eff4
-
SHA1
25d8e74eb15108c70055c129818fd462f44ea1f6
-
SHA256
c97fe1383a11ea2e8d7542e3cf4e3b95ac8d45e054cd13faff1d131dec6dbabf
-
SHA512
9b8c4cad4dbbb5a7afb9798ff57531e7f4857f5aa951fb20b86223ffe85a08605732e9079eb574430b8c5adf7a8574391cf185d7876f9915ffa055ac8898f633
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnGBHvg2EfMeSBEKgnoyqlVFOEd4kgaI8nzosuQ2:U6PCrIc9kph5MPg2kI/dOEuaTnzopQ2
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\32B8.tmp"C:\Users\Admin\AppData\Local\Temp\32B8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe 6BD04879F206FEACCC15A6BB17FEC57AD3096954CCCC81FD61B4B824E9797E3272556AAEC54DB59D2D097BEDAF70AA8BC98C6B7CF41D07B9DAD842671CEB152A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5dc84420924d5e3fbbfb52d9b90279117
SHA158af8fa08f6a185f2a5778dc039fa25c05dc4281
SHA256d6e431c6e751e1a2b006a582a584457095992b7ebd2ffb2a6d2b0549d30b7c42
SHA5124f6566c2c809abf59bf06cab86bc5ee6ec06f641cfc17bd40ec980c2b8199136efcdc1ae52604f6707100e0a9c62aa11a94af3f105f6bc155a5bfe418b44e386