Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
15/03/2024, 17:33
General
-
Target
2024-03-15_591e194c97288cfce8fa4ddeec55f175_mafia.exe
-
Size
486KB
-
MD5
591e194c97288cfce8fa4ddeec55f175
-
SHA1
b21166abb835010eb3cd88c5f45cf334b5dd1078
-
SHA256
a30bdcef16d0947f539bb4d7aa442f85f16c4d3b585d3cba2ace5c3ec4753f19
-
SHA512
c0cca3ebf1cfd7baddb5faeac1ebc6d4ee3ae309e143fc0dd0317fa5dc0f1185132df0a9a45f816ba47a3eb2be91905890503119096a700bd2c8d37710dbc3c8
-
SSDEEP
12288:3O4rfItL8HPEb8Sn8UmSP/91b5qwR7rKxUYXhW:3O4rQtGP28WN1tq63KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_591e194c97288cfce8fa4ddeec55f175_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_591e194c97288cfce8fa4ddeec55f175_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\197A.tmp"C:\Users\Admin\AppData\Local\Temp\197A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-15_591e194c97288cfce8fa4ddeec55f175_mafia.exe 315A1F0577FA99CBC503F6E25658F38321FE66F8176D7FC3688991CECEB482E76876AC4C182AA599287792B1CB6948FF92CD40553E2EE9F6F20E33421B5644BE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD56b998e689955774736715816f3282c71
SHA11a8bbb1c214fcef203ed099dcb8ddbca67c68e73
SHA256dd4bef3d0a46d35d9bbacbe605aefb470ef2c99757d0f4bc3651e91439bea8fd
SHA512d8c55de7d8c6f3a484152fd666a3d897599c140884b96fe71723f1bb886ffb5bea66d8e0bf7f1ee4bf140ba10f6957f21e55485b13f8fe9e55625eeeec178d64