Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/03/2024, 19:53
General
-
Target
2024-03-08_fddb5a2cff9e52a119a0dd88b6d38181_mafia.exe
-
Size
384KB
-
MD5
fddb5a2cff9e52a119a0dd88b6d38181
-
SHA1
4612ea3999f76ea9867a946a84fb07a748a3edb9
-
SHA256
7a974844a1a9fc96db01fe497058d4d9bf353b2b5453b6c4f9eaf0a7b0a0fa72
-
SHA512
0e9a9f70c4a0b1dbc94d384a736e526204e495bd1e01e59aa66b6af925130627f7fe9e6d7ace443fedd748a7816b075f766a1324c044d292abc4d03c82c42d92
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHfWQkg1QwsKzfCTqQmSPOytdJ1yMzlB04Z:Zm48gODxbzhLLKqCTmzytdfRZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-08_fddb5a2cff9e52a119a0dd88b6d38181_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-08_fddb5a2cff9e52a119a0dd88b6d38181_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8D1D.tmp"C:\Users\Admin\AppData\Local\Temp\8D1D.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-08_fddb5a2cff9e52a119a0dd88b6d38181_mafia.exe 0343ED19E224A2F0A9E7BF27F104FE4A6D225D9DB8CFBE12510BB75C8A926D69F9780527E36FD808372C691C798F4EA9407C1E673CB5AC0F99EB3FCC1A1F967D2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD524de9a7bac79121cc12ef61931a908db
SHA14b77b15bebd83d096aeb313fa0d7047f08b66c51
SHA256f59f86ae26ca5e2e26c4ad911bc9b2e9931169c704cc933273fe68b354d95aa0
SHA512c6046cd8d8f31218170c82bab88049b25dfb22ae76e428af33698817ca9c13dd8c3a992aa814fa87d03f83057785bb719f6226531b7a77e434b68214ac594429