Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/03/2024, 13:48
General
-
Target
2024-03-18_b0cb28f2da2fed1cd2ac2695904c225e_mafia.exe
-
Size
412KB
-
MD5
b0cb28f2da2fed1cd2ac2695904c225e
-
SHA1
cd853241956f3bc635a05811fcd0761e010c4a34
-
SHA256
56ea31235d41d2b70809dd016c37a38e36a154f790cf59af21bb7d65feb1733a
-
SHA512
26f595ec6aa0fa4b96579699c484da2de71158b188084aa0b9691a2f44c57c3abcf0b899e625666217291a3c2a9ba5ec88f3ddd2b5a5cde04124009e58af3278
-
SSDEEP
12288:U6PCrIc9kph5RK4Hokm2HL9b7J6pDxRyQMF:U6QIcOh5RK4Ikm2Hhb7J6pLyp
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-18_b0cb28f2da2fed1cd2ac2695904c225e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-18_b0cb28f2da2fed1cd2ac2695904c225e_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A8C.tmp"C:\Users\Admin\AppData\Local\Temp\A8C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-18_b0cb28f2da2fed1cd2ac2695904c225e_mafia.exe 58DB40671C6A792D086B3C2240A7D4EC6F8D5EB5B6538256D7BBD7DC9C76C90D0A15232BFF6AC59176081D83BA937490AF8E4F9662CC1A28B2939073D26A81852⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD56d24482b8b6f7633a8d2866856088a7a
SHA1762a8f74d960213fce70474b84d2bf819a473d27
SHA25678294fe3ac545674069fd380e64e715a708a125134bd671fff8bc753c74e2db5
SHA512bd43867c996b04935da0c6170fa923237453bacdbb08368d33de060808d8251e435732853df1a71a2943b8de0a919d9b67f1dcf1357e2805b7661ed6994d9bcd