Analysis
max time kernel: 143s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/03/2024, 12:44
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe
Size: 468KB
MD5: a4de8b495f46d745ce6517a4e1946510
SHA1: 68403dbe7ffa87ee70bf87e0699d49c724b86cb1
SHA256: a892c52c0cbb353b91a206dba02cdc575981156c85143e9e3029a623c3581104
SHA512: eb874e300cde2673bd591d1faba86255221c67a0c2d035cf618b6d4ea0b19bf2ccab417f716ec767447a1c0613d5ec7e864a985f6d7c8a9126f82201d6e304ec
SSDEEP: 12288:qO4rfItL8HGPS+/5XvXkMica2Xlb4i7bWmeEVGL:qO4rQtGGPLkMicpBumeEVGL
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  2280  EC73.tmp
- Executes dropped EXE (1 IoCs)
  pid   Process
  2280  EC73.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                 procid_target
  PID 4460 wrote to memory of 2280   4460  2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe  96
  PID 4460 wrote to memory of 2280   4460  2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe  96
  PID 4460 wrote to memory of 2280   4460  2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe  96
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe"
  PID: 4460
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\EC73.tmp (child of PID 4460)
    Command line: "C:\Users\Admin\AppData\Local\Temp\EC73.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe 77DA93A1563CEE2CD668B1737F92363A54E13A18FCF4AB7C079BA8F8F92861917BF4A6873ED3217FE1461DFF8B13B92B0ED2B9B4325DAB74801A14A54FBB1E05
    PID: 2280
    - Deletes itself
    - Executes dropped EXE
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
  PID: 1444
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 468KB
  MD5: cb2c7e2523165b8be19d06aeb1aa95f2
  SHA1: 344cfd05ae020b55473f72c1a091c4d4f0d5270a
  SHA256: 4acc82e87c304cd3bc91ec9d432e65063042e18f825bbde59d9382d0357b5029
  SHA512: 02aaab96bd243ba44cda0847737eb4d0ad72901ae5d183eef7a90ab58f7c3cd2da0671afc56000e4bba4ec2d8365d495dbee7abd43b27a21562f6ef046d93bec