Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 19:43
General
-
Target
2024-03-15_99cca9efd743803121becd3adadf3cb3_mafia.exe
-
Size
443KB
-
MD5
99cca9efd743803121becd3adadf3cb3
-
SHA1
fb8bedeee95d45c0c3af940782ada1ee0b8063ff
-
SHA256
ada239128de81a117db755967040ecb00d045b8b257980d8141a5ef71732e9f6
-
SHA512
2694101eeeedc75b85f0274dd25e0b03a94856165d72adb9401d3460040b42df80c63e82975ab9f694e0cee6b9d2fd3ec1cef29d2d84e3d9dbbee8ede881aa79
-
SSDEEP
12288:Wq4w/ekieZgU6Dg+Cw+4qcj27g+aEelMa:Wq4w/ekieH682qcCEzP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_99cca9efd743803121becd3adadf3cb3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_99cca9efd743803121becd3adadf3cb3_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\928F.tmp"C:\Users\Admin\AppData\Local\Temp\928F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-15_99cca9efd743803121becd3adadf3cb3_mafia.exe 01B26C1E96F8C67848D0F901C0472EA1F97AB1B83F62CDE8078889D762000BA1B2DCCAB28CFE5B440159C5E1251F022B6DE93F845B6A52E4041768A4CE749C552⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD54dfb678aeb1f9489a4f7eb4bba997b39
SHA1c28cb41bdb399ba0cc6b47ea83dc83ad8136d63f
SHA25628154b8e7541e401f7e6355284c5b6d2ef259983ec3188c7908ce69ba91d174a
SHA5121ade313190ed0cbbb5e3e870fbf69f3c78951408e078de0f356ec758b70776912cccee36d66ee46afde34be5c18a88fd0baf2c04241b8831e9ccbb9d85ec97c1