Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19/03/2024, 01:48
General
-
Target
2024-03-19_3b3bfbd877f6e1a511f76f3af27e40fd_mafia.exe
-
Size
468KB
-
MD5
3b3bfbd877f6e1a511f76f3af27e40fd
-
SHA1
bd3faf173c7f8bdc9d8aeab055f66d83a824b635
-
SHA256
7336ab208327e3fda5abb799533daf5bf6e23a902493a8855d10a58ae09f8986
-
SHA512
ed5da048e356355ea4c762be21805a15891dbb630e4f86b791a29da30df629d228fb212d2d9b821adf642a2932f5db09d1735d487c6f7c8d589b3e2365762731
-
SSDEEP
12288:qO4rfItL8HGAdA56D8xZK3DHBoi7bWmeEVGL:qO4rQtGGAi5y31oiumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_3b3bfbd877f6e1a511f76f3af27e40fd_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_3b3bfbd877f6e1a511f76f3af27e40fd_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\751.tmp"C:\Users\Admin\AppData\Local\Temp\751.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-19_3b3bfbd877f6e1a511f76f3af27e40fd_mafia.exe A1691F5312764CB13C0F669262C10D7842117F72CFE276EE7ACB9F3881771DB47F18B1050C5B8005F0104AC096F65FA5053ABE1D0B014429E18F7CB37BD1B86F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5c91888b7c07f8fe0c0f5e706948a19e5
SHA1c8123e017fbda0e224352274a99790be971a2ce6
SHA25609d66f232fb856b73e6730ef97489646049ef9a105891ef159d9a315ca06d8aa
SHA51261a314fc537341f3ae123f36c79c0514087b7e422cf1c65e6d10e5a852d409a1c4c1b2a57616c5f902a2b00258e5977ea1b687aaf26a1395cb9be0ac8b9bf087