Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/03/2024, 02:55
General
-
Target
2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe
-
Size
444KB
-
MD5
f8b130c7b60cb44e128053f45bfd9c37
-
SHA1
96992f4da282a6a8cf18313369e18013db615c52
-
SHA256
0c89a4aea693868d3f04d4389c5aa735b86d26e97fe2504433baad45ef1e8a6c
-
SHA512
f2dd801764027b2c1a7a0ecc2edc665598cd99de49a8bb5d3958699c2720f8470e831804a7f1d6da86c51087146a3cd9494a7fdb3fb6bbcdeddf84b886e7e11e
-
SSDEEP
12288:Nb4bZudi79LJoJfcGqYr8Rn+pXx8Z6iYQVJxA:Nb4bcdkLJotcxYr2mXxrM
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\447B.tmp"C:\Users\Admin\AppData\Local\Temp\447B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-10_f8b130c7b60cb44e128053f45bfd9c37_mafia.exe 61264C92D57B1B02981C23AA821AD50973EE80117D17FFC73078D9950514A01A634A3C05B78AFDE10688A717C48474428E9294A1CDFE3870A5F957B58A81CA482⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5d2e6619dbecce967111d717059cc1a04
SHA1ce37798b2b9b0d892f111c28804f38fa26b42685
SHA25672e811516b000b63569a7d08c952b579bb492c45fa862a23a503df37c73e13b8
SHA512bd39941e7ec310aea11d90df0b43bf530d68cb1cc31b0b4f9342b0cb7279121b264732e590ada4742f39f2208e1b9b6c0cbfa1a26f647918a5652738e570a1a5