Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 00:46
General
-
Target
2024-03-19_6a74ae1cc446ec84682f982dbd3432fa_mafia.exe
-
Size
428KB
-
MD5
6a74ae1cc446ec84682f982dbd3432fa
-
SHA1
595066556604a1acc58ec78a54868c0c9272d6bd
-
SHA256
327482c1b8e47c094fdf8754fe2dca628b7f51330041c2ffc5d3a22dbae3d26f
-
SHA512
f8ec9135176808e778f00af1f5ee6f77668c4336cd67c5dd78c684ec63640437c4c838e24f979c2158d70729bbd19b3ca2fe5feba7d40ed48ece230f3b8b86f2
-
SSDEEP
12288:Z594+AcL4tBekiuKzErh/SQCDvDYhjsDn09l:BL4tBekiuVrh/gDvDAU4
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_6a74ae1cc446ec84682f982dbd3432fa_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_6a74ae1cc446ec84682f982dbd3432fa_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BF2.tmp"C:\Users\Admin\AppData\Local\Temp\BF2.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-19_6a74ae1cc446ec84682f982dbd3432fa_mafia.exe 7E7608E2EC124FA601577C6A70EFE00F8A972F87D44B30F5E9DCA505FD716F7FCDCE17A71EF9643CBC714C00C63D3ADDA4BCF26A207F4390C9E516C7DE2FBD612⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5d8b749c332afd2fc84e8f5ddc299600d
SHA119eafa9da57dd6316cae2a664e244c6b0f296c34
SHA256a73f1ddeae48339f5d925f9d71eaebfd2124e6607908565a0cbd8658b15c9a8f
SHA512d2fa0324d61420f16b5df1538c9ce847016a8edcd2258d25628eb92c65bac59888d3a03fa9c357e15856ad90c67ccd4b05b1128175fa723bc166768b4aeba668