Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19/03/2024, 00:27
General
-
Target
2024-03-19_092a9da8179ec480e7f86d9046ef3230_mafia.exe
-
Size
479KB
-
MD5
092a9da8179ec480e7f86d9046ef3230
-
SHA1
4229df96a6add557c0f96afad992c2e48e8c557a
-
SHA256
23605746abcd918691b6ace36c8bdb96ee312f92b0712e9c007c5736b0f00e52
-
SHA512
013b497260889c98a15b85f106a6a2bfb2a48ab5206f8b94d2533a23c84d911a226cc029a6d143eb9a3a6f4aa1e55681390ca7aa240432c924a5b5d53e6e16e2
-
SSDEEP
12288:bO4rfItL8HAJ3Oc/goo6PGOfunX5Rf75UO:bO4rQtGAJ3OcNo6PxuX5RfVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_092a9da8179ec480e7f86d9046ef3230_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_092a9da8179ec480e7f86d9046ef3230_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5F37.tmp"C:\Users\Admin\AppData\Local\Temp\5F37.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-19_092a9da8179ec480e7f86d9046ef3230_mafia.exe D73BDF0E81867E56BE04A3D636E7B5A1514B15FEA94ECDF448A584AF4393E863531F5D91A3CE1A992897F46DB84FFCBF8B3B034DA8A58578388B3834C609A9B82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5aa0f092eafaaace86312093f0002dc9d
SHA15a8764fe655014b179a933cac86e95a6057d7941
SHA256afd5d07abdb88c7625673bf6db91da6775546d2d83dece6b58835fd2abacee80
SHA51211d03910cf9f8eb606995ffba37439c167d38ad279d6ca1a21ed9d946193f9f70d66df09f48530a9cd6bff59b2e6925e9e4ca8fd0d54111d09b66222e0a1f297