Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
06/03/2024, 13:52
General
-
Target
2024-03-06_f88bc92613a88f09469b64fcafacdcac_mafia.exe
-
Size
476KB
-
MD5
f88bc92613a88f09469b64fcafacdcac
-
SHA1
f5acd8e4e94c97d59fb990f7fdd78bd3b7974878
-
SHA256
728d643c9be93d948906e60fb56487ff1bb95acef33248db52c2ee764c27b463
-
SHA512
15f8ba31716ef055489ab5d2f288c32f12d191e1ac8c55c9a5eb9839e56984e34d32661076d6d31f1418337cf7e038dcd5e0914b106dec3d4e1406a4299a1c99
-
SSDEEP
12288:aO4rfItL8HR2gJgXDkyrNUFJGMzJrPpGBn87K9wlsDpVFd:aO4rQtGRHuaFDPUn8+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_f88bc92613a88f09469b64fcafacdcac_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_f88bc92613a88f09469b64fcafacdcac_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1BBB.tmp"C:\Users\Admin\AppData\Local\Temp\1BBB.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-06_f88bc92613a88f09469b64fcafacdcac_mafia.exe 49D1F9A1D5D362C6FD9EFAD48EF6D124761870E65EF80EDE7374230BCFD3F4A38512779F18BB783FE2BBB5D0124A18CE8780AEE1F1B27BFECF6F8BE5D761E7082⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5558b810aaa57c676f1a28aca2aca7470
SHA1980f1e878b3dc0bf9ab3d57e0753141b43d90ec1
SHA256f54c227a5b7daeafee2a98fb54842c311a205f3d887b76889a96dd0c07515119
SHA512a697e3fe03b81a8845341f1b6747ff84881ecae1e7ac3ec313afa4423a1092bc7bfb4b91653ddd24e86acfc26a650fe253b186d589b6fbda1c3e3b98399954a7