Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
16/03/2024, 04:57
General
-
Target
2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe
-
Size
428KB
-
MD5
c31d10d5d566f638723d6e86403f4fab
-
SHA1
21d852ae1fff193be6de4afb921f34f9203d6108
-
SHA256
87a927705a879304cb9c0315761213f693cd892e524ddf0431ca8047baa0c398
-
SHA512
1f87c376906eccd4875f2979f779a9e0b9cebcafac0160a2cc1d59573a08304537149831c9ed6559e61df06533143c35b191b2617462c01d622f34d17baea7a8
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFmfWN5Hg35ftEJvzfYU6Oe+0qHR:gZLolhNVyEBfy5ch4LgxOAqHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\323B.tmp"C:\Users\Admin\AppData\Local\Temp\323B.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe 9AF3E30C7E1481F85FF317FE142B2C6EE612F955D185F465589A984415EE87AB05265B2F008A6FA8471F2CF502EC86CC2E1DD52EA599F837875925A9926A2FA52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5da2eb2a83255cf331dbc160288bb2d93
SHA18d88e45ec883ab1d810d7cbfec2a07fd9d22a95b
SHA2560d3a91e1577231e4c3896ca482301ecf53af2c13ac37e0ddca51848add3ff41e
SHA5123557b2de526187ed30907872711ee27dd1123637ee0b4d2d63e46a6942b9fad47eec545f16e2308c074aa48ba89f82f552228734cec571ad126aa413ebee6d84