Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 21:37
General
-
Target
2024-03-15_b009304911992b2a8af20778791eb0b5_mafia.exe
-
Size
479KB
-
MD5
b009304911992b2a8af20778791eb0b5
-
SHA1
c7215c6782e4d63f5c13a9f188757f930bba0a8c
-
SHA256
ab5664d4f3f3b456cace45718f89e28aad774124a72ac578e13a91674001efc7
-
SHA512
0a88ceb33628dff5cd06554074ef532bebb25a6420fe4f542e6e83c111e310789a4ef97605b60602846cc41cc56312d878ab9a3cdcf9de65969ed93dc21af18e
-
SSDEEP
12288:bO4rfItL8HAFQ+UbTMxKMUxURyCaRkdbyeWnm/qx75UO:bO4rQtGAHU3h+RyCCeWvm/qxVUO
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_b009304911992b2a8af20778791eb0b5_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_b009304911992b2a8af20778791eb0b5_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\476C.tmp"C:\Users\Admin\AppData\Local\Temp\476C.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-15_b009304911992b2a8af20778791eb0b5_mafia.exe 7D7798BD146B2DBBC25EFB8820BA9CE5AA86AE703CB207E9E268CFC1708B2261757AADD108F92CC1002C45CCBEA613E02739F82DFB0728C54CF26929C32AD38F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD506e80cd4bc08a61924c9bb4ee63bd055
SHA10aeb695a230e65c69f4ea50baa8129b160c389b9
SHA256b2a01c3ca9765d8196da0da7c5cb3fe480ac213bde1a3262a7de2d5339b73a2d
SHA51270545d479118b48f4f0e69481fe3fa95a414618e0385cb7681661a060aa2324a8b4df22a88b184bd2e736cf544018e69ba3ffea102483ca1f0a3a5f9d815224d