Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 00:41
General
-
Target
2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe
-
Size
443KB
-
MD5
87360e8b8f6d1f1678f7dc696a3f699c
-
SHA1
b926c0297dc7916e481053706c0ef103a8b1bd08
-
SHA256
feb24135ed54070887ad6efe38db0c7b4897b68838603754d933e9251bb59f10
-
SHA512
5b58cdff30e3b796b08c28a22c7b0c47dedff4fd0bb54dc8cb4076d08ac820d40739dcaf047fb930bf17c54b3c27ae967a8bf644a28b68208cb4a7f23b4ba1a8
-
SSDEEP
12288:Wq4w/ekieZgU6UP/yo8L+HKlfcvNM8XlMa:Wq4w/ekieH6CRqlfcvbP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\905D.tmp"C:\Users\Admin\AppData\Local\Temp\905D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-15_87360e8b8f6d1f1678f7dc696a3f699c_mafia.exe 4B97BA4E06C4FAED13041913C3A23F3F54E08522889E3C4DC67D67EC74E9F875093CF763B01E8DA54CF8F00AB17BDCC6CE56B16C6217A4E984CF19AC1A6954702⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD5380bcbd51e216685aa90f518d44bc8d1
SHA109657a9ca974853412b3c49b956228eb96f6110b
SHA25698340c656b7326a356f2b724fa798404fe608a4733841577e6ae8ffb729d711d
SHA5126971a1005aae57c2e2f4fd3501e790a3a8510b5fd1a6373215da2ebe17fb65cf76597faddefbc3b7a29d65c66ed29e5a8fccd930fe0f7e3a672f79d5a08871ed