Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19/03/2024, 16:47
General
-
Target
2024-03-19_978362acfac63da8b890c247f593c103_mafia.exe
-
Size
444KB
-
MD5
978362acfac63da8b890c247f593c103
-
SHA1
5173f89c72cfe6c8c4a72cf43bf5bbfa5e689cd2
-
SHA256
21e91075be224ab1bb4bb96b07a133dae4c04eede1c560e5850388b837be13af
-
SHA512
6e3c10481e8ef2613a46d3170e1581f2dab424ff0d2e7918164b43a1f38f7c3150f5bacfd065725ff8f215baadd206192df9ce7c15ef27f9f05b7b5fb19dc380
-
SSDEEP
12288:Nb4bZudi79LSASmQWV7vU3/3JYhxhMdWPuePOA/J3A:Nb4bcdkLSASmjhvaZYHhuWR
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_978362acfac63da8b890c247f593c103_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_978362acfac63da8b890c247f593c103_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BD64.tmp"C:\Users\Admin\AppData\Local\Temp\BD64.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-19_978362acfac63da8b890c247f593c103_mafia.exe BBC2D5B880526805D066D42F0443D57952CFD20FCC1571748FAFB4C897FC3BEAA6E9EE633EC02FD0DAD3C3D746F45918E4B4A03393AB47AB4AB63D6EDF323EDF2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD591e523252a994837bb8ed063836bda11
SHA16441c89c0aaf8a304417121b1d4f2d5eb1d09849
SHA256c9791ce055d395525fa2e36f03065068cc05f62b6df1885d9ff1780b6f1c2a5b
SHA512dab349201fa805327b5fa1918eed45ee5714ad549a7eb2a6850570aa017b76391b84799c6032aacb4a68cba44876983ca25fa10987efb03445f1f4e885f4bf68