Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
10/03/2024, 02:55
General
-
Target
2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe
-
Size
444KB
-
MD5
f8b130c7b60cb44e128053f45bfd9c37
-
SHA1
96992f4da282a6a8cf18313369e18013db615c52
-
SHA256
0c89a4aea693868d3f04d4389c5aa735b86d26e97fe2504433baad45ef1e8a6c
-
SHA512
f2dd801764027b2c1a7a0ecc2edc665598cd99de49a8bb5d3958699c2720f8470e831804a7f1d6da86c51087146a3cd9494a7fdb3fb6bbcdeddf84b886e7e11e
-
SSDEEP
12288:Nb4bZudi79LJoJfcGqYr8Rn+pXx8Z6iYQVJxA:Nb4bcdkLJotcxYr2mXxrM
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EB0.tmp"C:\Users\Admin\AppData\Local\Temp\EB0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe 92DDAC1A4F0B0FCB8BA4A0B41A6BAAA20E11066659C7DB261927524C63C8C621863A41DA1BA8ED63062FFB702F123D4B470E7B6717AD44BBFB1E015E1E2BE6FB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD53d0ed82eab75e04c7332dd0b7c8a6512
SHA199add3f19296be9815e7f7e7622e01cf67e8b599
SHA256b39e71610342c3aa9879088154cf46d6b1444ca6756fcb3fa8c18cb9916df335
SHA5127bc3c33d6de87fd0570dd4dab28dc7e102b214b8ee9ccee8bbd4b7867e14c061cba2f29a64e254114ac01b2d52f295bf1edc5e63c80f858f3946e526c564cdf2