Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/03/2024, 08:39
General
-
Target
2024-03-08_ab0a14728492fa14816a1dc6c38cfa01_mafia.exe
-
Size
384KB
-
MD5
ab0a14728492fa14816a1dc6c38cfa01
-
SHA1
24c656999c3c0320522badbf8fc02eb16197b3be
-
SHA256
8d025181159f687c0b90da6d60ed60db74e583b9ae3e01853f4667093e6b3bbd
-
SHA512
3895356cafaeafc59bb4bce00b5147078a7cb83c122cee783ee52a263a3758327e785808495884553e374654a5c4a23b7164367f9164725a27ac3a6faba0cfe5
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHuI9ZmfWyxNiNZ4CYl52kbFJwcpDzkjcWZ:Zm48gODxbzYQyxwN1kbfDyjcWZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-08_ab0a14728492fa14816a1dc6c38cfa01_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-08_ab0a14728492fa14816a1dc6c38cfa01_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8DE8.tmp"C:\Users\Admin\AppData\Local\Temp\8DE8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-08_ab0a14728492fa14816a1dc6c38cfa01_mafia.exe CC9BCB16FE1B9406B5C3D3266B495243C9726C7DB5E617AD523692E2ADD6F9385A0C82B620A2AAB4A5C03F57117B0EE94EA748376AC0AD8D2D55BD9F9FB3C35E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD598b6dcc41e99b9b703c3a8d81849265a
SHA1104fdf8d779a9000298e50be52f93f4b610d167e
SHA256ce306b034e90f1e5f914088a2398bd7df78a6eb5fef622f9fa31857e9824786e
SHA512393ffa461eb919ce5eba9822a4205fcb79ef534de9879faa2045c3d615f34afe2f1c4871cbf599df02e9b83a0b01889951ef8209c6095fad8416df0efb00b15b