Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/03/2024, 13:46
General
-
Target
2024-03-06_d3bd8816bab9455662ec1a4626dbae7c_mafia.exe
-
Size
428KB
-
MD5
d3bd8816bab9455662ec1a4626dbae7c
-
SHA1
21da27b775491a0eb64cbfcaf127a1630dafc4b3
-
SHA256
27aae5fc090cd32ae611b6a34143d5b20d629c280e6d4605f9a81f9e34e05251
-
SHA512
8ff4fd3c3c6d30e55742257699217d60edda3cf53c9f54704f7be826fbf6b97fff673054e2547fa76b3b47884d4313ed4052a1110d1cc707cffe13cfe201fc9c
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr4uWfYOq8F3hlCxaDWgUnY9vo/l:BL4tBekiuVrXOlCxSWPY9va
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_d3bd8816bab9455662ec1a4626dbae7c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_d3bd8816bab9455662ec1a4626dbae7c_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\66CE.tmp"C:\Users\Admin\AppData\Local\Temp\66CE.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-06_d3bd8816bab9455662ec1a4626dbae7c_mafia.exe EDE27A5DD94C46FC7EF0A8E9831D8B2F398D1DD2F554357305587778958D33266E46B5171EA2577669A4706077F40DBA96843D346EB5FB254DA3EFF5B48CC7572⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD50d9561c1ec3607b8dbeddffed8129126
SHA151cef374c5b82c499c23cbcd7d71e89fc990b123
SHA25605623d11c600f406d195aa36ce09ca825c0e37a7be673b40ab1a8d8934d02154
SHA5123efc8983ed3105128c6f4ee74e958da4c374e81eded2f6b90ce2a722b08b6898b691a9741e0c22f5f1d9867a6d3689b152ff28aceb2f8bfcfe745813f5eecf78