Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14/03/2024, 21:29
General
-
Target
2024-03-14_3d4ea782bee45dbb1c655f3b7567f577_mafia.exe
-
Size
443KB
-
MD5
3d4ea782bee45dbb1c655f3b7567f577
-
SHA1
00035fe60586b88e30956561b250b841582b53e8
-
SHA256
f6d547c64926abbb491230b0a8ebfb43d2c9f42f8413f0297654f7b4b03fa1c9
-
SHA512
1d39da3d0abefb1f85745ff8bfafb515900ad90335e7f8e510c39ca41d52b78c552e057ea3b4476275e2bdf070c29d958d12997dff7fdc147bd39bf71d845172
-
SSDEEP
6144:Wucyz4obQmKkWb6ekie+ogU6BYAnCo8AAbZhrNhZQcYXPBkwq9ONCEQ+PcrqlMa:Wq4w/ekieZgU6rnf8lvrb5Y/BqlrqlMa
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-14_3d4ea782bee45dbb1c655f3b7567f577_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-14_3d4ea782bee45dbb1c655f3b7567f577_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\753F.tmp"C:\Users\Admin\AppData\Local\Temp\753F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-14_3d4ea782bee45dbb1c655f3b7567f577_mafia.exe 532FB23C00E62D1525ABCEBE63C56455EBC5E8C81369F7134196BA6B2B11C48B9F91BF357E97F2E89ECEA344D799D0B2BE24E3D0271ACDC80E98026771AC6EF42⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD5397f8872b091b8a87998645327e5f3c1
SHA10a05051904d293b6fbb3c92d96dd2aaff632615c
SHA2567eed6ac3c216f887cc73810025173e3241e5c7b4c1caf70818c91e301efdf9d4
SHA5129ffc36f959f012e30053fe7e1ec9461c899c9dc5041e1b30d687e4252f01aedd485fe24dfca4172540f069de5bbf1eca76e9ad54b48ad74705406eb39b849aa9