Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/03/2024, 23:26
General
-
Target
2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe
-
Size
414KB
-
MD5
636b415101765a58d97b405c3045a694
-
SHA1
86f169a3e4cc6833fbbc57dd931f0d648edee2f9
-
SHA256
80406c59f879f9bd2c9bbe9bd07fb863862804d686dd70af4cedcbc06611eb69
-
SHA512
bbe89d47f0be092f837a390235b68086a3ee948a3f1c5d920cd0ec762345763bbb20e2ce8f0f64972cb0217e68bc87903eafeda220e6d63991a7f489727d5b57
-
SSDEEP
12288:Wq4w/ekieZgU6/agLUP/usVXiTdL9u7UkyjIpl:Wq4w/ekieH6ig4PCZLY7Ukyje
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\14A9.tmp"C:\Users\Admin\AppData\Local\Temp\14A9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe 1855EEB8B02F4CD95C27F17AA94DD2DFC8BC979D42E3DCA0B36A970CF6A9A87EEADB74E475A3FF46304FA24C24DA3E68E6ACBE4212276D293D0671854D197E2C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
414KB
MD58a28aa47f9af4f5704877c1d874602b9
SHA130f39d0de8d8058c42414e37ba85476da889af38
SHA256b3a4d7383bf615a22b5dc50e39133be0c32ab7c860a381d005a77f23e3235e03
SHA512039d4947baa9a7664a57fe935ea2af90e4dd0bbb1d5a1e24f911c09b5ffe0d1b9cab78d544551d7fc3de75ae415ef44aeebeac7d858d18628ecce160727989b8