Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/03/2024, 15:55
General
-
Target
2024-03-18_e6508ff4251ec23c9edd1617daa44b46_mafia.exe
-
Size
412KB
-
MD5
e6508ff4251ec23c9edd1617daa44b46
-
SHA1
11dd156c9fd9a22fef3f7c7b4a62275fe9dfc23b
-
SHA256
f04fabcd3ab6f24a8562e246525123b0232c883d8065afd2b4049703196ce297
-
SHA512
ffeb961ed0f7d1c42ddc42f17f0dd359008650ee2895d6e70232ae1958c1c63a59bcbe248b6440502ca34047f30fc93e0fbd57774e7f5913bc06cfb61663491d
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZn0Sg8cd22WZaE8mnF/G5PUwffUyLoFxDj/WP:U6PCrIc9kph5+SbdZpnF+Uqc//W
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-18_e6508ff4251ec23c9edd1617daa44b46_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-18_e6508ff4251ec23c9edd1617daa44b46_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6B03.tmp"C:\Users\Admin\AppData\Local\Temp\6B03.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-18_e6508ff4251ec23c9edd1617daa44b46_mafia.exe 04249103A59B74F53C4111BD8A3D40AFBDBBE025786E3458497DD294C8F3057C2813D5AEFCE2639E6AE65A9264252AE51F7891D65BC82B96FDDE6087C54DA3962⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD515892227377b284bb4678dfc25e47616
SHA1260e13f8f5c8c75beebfd9e6dce168a79e495a27
SHA256f4a21e063f58cd14517a02849b41c9098160183f167070189bf1b4865e51be18
SHA5127b4de4942cbd2c46bc5395f2182ccfaed3e50924a9b7e507101d18d3cc88b49aa424aa738e4640e59bc6e0dd45a001ac90c7b5686b585d49b1c1f45a7b8e2963