Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
08/03/2024, 03:45
General
-
Target
2024-03-08_8851098485b1f0c17b8a0ed9af99cc19_mafia.exe
-
Size
411KB
-
MD5
8851098485b1f0c17b8a0ed9af99cc19
-
SHA1
dfeb5f836a9456306e16747eb62337b6013a4028
-
SHA256
4efa71bd70ea818386e28ae09a5ab8f0662d226965a8241ddaab7cef34f04865
-
SHA512
8320a94a7bac8c3f508c4111edecbd4c82f7ab87ba8239d25a08e69ffcd98bf397dd0ed3f5eb3f6e626b249842262c130873fb7d6a9ca119ae771d84e7561b2b
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFG5/Sb56/c+ZBxjJq02NEYJE/SrWqHI:gZLolhNVyE/6b5B+ZBOZEP/SKqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-08_8851098485b1f0c17b8a0ed9af99cc19_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-08_8851098485b1f0c17b8a0ed9af99cc19_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\B471.tmp"C:\Users\Admin\AppData\Local\Temp\B471.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-08_8851098485b1f0c17b8a0ed9af99cc19_mafia.exe 685BF59B8EF35B747DFB136999570562D3258A0652D300A0774164F6092CD7568811E91880C368DA4A972A75091DC93290F14669FB7C6EFD38FAD2BA7852AF122⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD546bb5d107790fe6bf02eb190cd7a42de
SHA186b31933eab6d171e1b949f97e811d30414dfb53
SHA25624bae2404f9997a56b24dbf9e6ae59f2035238297afaeca941345d9680336274
SHA512760e5b0c44622a68cd96111e6e5743e67df075d8a9717ea099a40271b629b206f63432a51af14085d436745e3480ec1793549de8138672aecfa190d818a8d196