Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
158s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 23:21
General
-
Target
2024-03-05_03cc798f149bff3b0ba1ce176ab99dbb_mafia.exe
-
Size
468KB
-
MD5
03cc798f149bff3b0ba1ce176ab99dbb
-
SHA1
42cb691919feaeccda0c2ee1499c493dcf77ba2a
-
SHA256
ac7ef5a05e702c734845cee68e856fcd644ca485cee81ad162518c838a8f46fc
-
SHA512
114f43e0dfb3751f43f6619d3abb2cfdf5b05c03c037dbd537f74df0cc8c2ed2f7557e8d079168f463d62ed64b9964c0b20a8bba17b5cce966c15c773f4888ea
-
SSDEEP
12288:qO4rfItL8HGfel4PWHFiYgpvbaWOkyw7bWmeEVGL:qO4rQtGGfel4AFitj2YumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_03cc798f149bff3b0ba1ce176ab99dbb_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_03cc798f149bff3b0ba1ce176ab99dbb_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9C9E.tmp"C:\Users\Admin\AppData\Local\Temp\9C9E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_03cc798f149bff3b0ba1ce176ab99dbb_mafia.exe 297E0C8D226D9E81729E75F707ECDDDC1728D92C5238CC9A27AC2AC1D863C52F99B13959E3C5E8A2CCC976883350DE2341654A47FD52A19FC5A7434A7AB387C22⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5d5eb6fe22cb1419750edd2a8f36ed79d
SHA16f683db8aff17bc189fbf457a3a99a34eb8801ea
SHA256451fc7e3b6a9688b39f1033ca48141ab296bc601519caa13350ffb2fc4c95f24
SHA512c0810bc85300e297e40c2a309fde83c7e979b1f2fbe89c147fd70636e73e40ea8895f8a8455cf13dfc5fac625c1edc9760f95c8b2abbccdca52016c336502b9d