Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 14:47
General
-
Target
2024-03-05_bf2d2360a4b54f64fc7284a7ccabbd04_mafia.exe
-
Size
411KB
-
MD5
bf2d2360a4b54f64fc7284a7ccabbd04
-
SHA1
f40083d7ae39e0f58ef7ac7ccde68f8740fa2433
-
SHA256
98dff46683d084a93120110687fe4f3b8d26b2aadcb6bebb4df081c94393b5d2
-
SHA512
2f250aa70c63739f650a398c0948aa65979d3e1168e3609a4997c782df15b7f4f787377c2ef989a0b6f59d2e4eb11ffb787ef44b68326090b5cff7215cc2c060
-
SSDEEP
12288:gZLolhNVyEaOqvPVWLLRcQVJci/cKgKqHI:gZqhOE/LdcG/cKg0
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_bf2d2360a4b54f64fc7284a7ccabbd04_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_bf2d2360a4b54f64fc7284a7ccabbd04_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\50A0.tmp"C:\Users\Admin\AppData\Local\Temp\50A0.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-05_bf2d2360a4b54f64fc7284a7ccabbd04_mafia.exe 1749BD03A2BFE4235041AB2F852481D15C4B48CCFBD3AD6CC7B31C46F727DDAF5BE57433B9F8A5FDD6CF89F0ACCBDF82093455EA72D3E8EBA3A1B48207AAD7D62⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD57b1e32ca07969115c87d65912b4f8bd9
SHA1fb5bc04ddb3f0cd59ac4b3d522ee94962f841b63
SHA256385a7e9d1e4a70ba9a224360b711d4913d145ecc998b4a49aa58d13837b9a4fd
SHA512702a9804021747eb83d516999824c7c239ab433697dc036d962711a6121d1966953df5b74be62dbf5e105bf0aabd0c7b122b607717b0e5a504f25bbb26876321