Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13/03/2024, 14:45
General
-
Target
2024-03-13_4f354b463efb78215383853a33c7c8b4_mafia.exe
-
Size
413KB
-
MD5
4f354b463efb78215383853a33c7c8b4
-
SHA1
b8daed593b6cc2652c3153b39b5d40ccbe00da47
-
SHA256
57a4e04ccb381b5e104477d8fb2dab8a8d4ba1e205fbf2999bb843ea47582f54
-
SHA512
b3519c09839de23f41686cfcff5d95c66684e051e19c4ae08a46e1f8064e878e4c7dbaf03cbbd3f920f3f2701b5d61f7ab9dad67bd77a6f4bcc9e2807ae84739
-
SSDEEP
12288:gZLolhNVyEniA6jZzf4cQ6kWU2ek40PiqHg:gZqhOEnqZzfrk57k42M
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-13_4f354b463efb78215383853a33c7c8b4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-13_4f354b463efb78215383853a33c7c8b4_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6B03.tmp"C:\Users\Admin\AppData\Local\Temp\6B03.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-13_4f354b463efb78215383853a33c7c8b4_mafia.exe 1B82D2C34227F5623E921A37FB40504EC0058881E575D81E181D6D8E82D8CFFB90C9F382F55FB0BEEA3C71FE1BCA502966BA69F4E91E79915F7412B6048557792⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
413KB
MD5f387cf2a9d95ca2af7b1f0295fb0cc4b
SHA17f3730254f1d5374698581b7c586251c537664be
SHA256c92b2e25792996326914cd664b5a978f27856d79624001c20684e1c5e89e0206
SHA512866b4283a94b94482bdc19cde3258ae29d2d9332a62bf3a76276c79a08061f8b4829d3af490428f797b030114b8e049735739745aa05e491249008bb288b30a5