Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 12:57
General
-
Target
2024-03-05_cbdf63fe8bd3413ade06122dd15636ff_mafia.exe
-
Size
476KB
-
MD5
cbdf63fe8bd3413ade06122dd15636ff
-
SHA1
ba1bea1f917ec300f0cdaf06233bdf1266978ce1
-
SHA256
9f34d9b3965a68ed3d396e9b165f8414955d63e3d2d11ff6e2dea078113f465b
-
SHA512
bab164f20d176b6d50aefcda2e9d0cfdca00ba25d8c6acd69584be9f11034334020c4a9fabefd879364647ab15260b0c92ab95c672083c91039d0cd1e766a8db
-
SSDEEP
12288:aO4rfItL8HR5bt5qigl0Zf9rzS+d7K9wlsDpVFd:aO4rQtGR5B5qzl0ZfNvd+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_cbdf63fe8bd3413ade06122dd15636ff_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_cbdf63fe8bd3413ade06122dd15636ff_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3CA3.tmp"C:\Users\Admin\AppData\Local\Temp\3CA3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_cbdf63fe8bd3413ade06122dd15636ff_mafia.exe 919072DEF3A3F44977258CC5600DE923D73673C2EA51AC144C0F14DD0CB9A08DAF2C2D81BBA2DB9F4511C15F719AF8E9608CFED9564A1C2F243DA2FF1C1FD0E32⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD513c61edbb76ef96015d9dd4fdbb4b015
SHA1c87241910c323523d57983e82aff2100c6a2cc85
SHA2562df411d498e2be1239eb9c6552887d3f3dab7919ee3ee55ca2b7d22b2311872b
SHA512a1635035f4a3625dea5204654a1031dc7757087b9e32dcbf9e33eabe8e328f5f2c0f340128c5a2f5bde812ddc20e40cba9c92eef6b00130e527f05083d22409e