Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
05/03/2024, 18:27
General
-
Target
2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe
-
Size
468KB
-
MD5
51249da0a47750cc3e6063e63f81541d
-
SHA1
202620b3fb51542a11c77a9fad1375e2890e5c20
-
SHA256
7c3866c8b7a49fef3fd9ef57a79fa7f939e0394ac68e051e70c477d4d12c13ca
-
SHA512
aec405bade2023ca50bba3f2f56b8c1ff1e1361c086d593fdee6cef39b17bde685860caa7d0e1da88692c9a732a2702aa8e90bc46588ea5071c25094cb0d258c
-
SSDEEP
12288:qO4rfItL8HGSMaePNoTxUY8ACMT//Oz6sJ0dF7bWmeEVGL:qO4rQtGGXae6xUjLkU6Q0PumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\195A.tmp"C:\Users\Admin\AppData\Local\Temp\195A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe 4DA35CC3403AFC57886E22BCFBBF470F4865EB99D2B9F460FA5B0AA354CDFF7ABC4A9BB32D76FF6D779E632A0449693B8767AAD45BF8CE884138FA6F5CB9E6132⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5b74105a33f6935f59013cf8b2ac08e1f
SHA1c5f773923f4e480cb91688694f227689c41a647c
SHA25600a0ae033a48f0b0a77161a1e6d0cd873b976147cf4441dfa6f179d8652a94ae
SHA5127209f609d4a96a81cf32d89f484ed510758e2a8be5927866c9d8144d55c3f1f03509aa909480248c9b748c06e72736ba2da66b414ee1d1d8385cb134ee02ad3e