Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 19:28
General
-
Target
2024-03-19_1d8e293edb52bf94aee4832ddf23e0be_mafia.exe
-
Size
473KB
-
MD5
1d8e293edb52bf94aee4832ddf23e0be
-
SHA1
0d3704126759ccba3b51cd88872791cb8d65573b
-
SHA256
4ee235d6c9a39e250f566666b97614d73bb52da977939c86b906a6d132f04009
-
SHA512
2e22b2ae39a38230bf9cbe193ad4d109b3900fb623c1749bbe4c297d2de2413b44b67912c54ca489051f82cfbf0401b1720f5ab51a88b75fbeffaf46b15ee0ef
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStoIGmmyY1zBPqJs/x1hsQ8a/8UZv3350u5Mh:Nb4bZudi79LYtQBPM5aU1p67agfA0a
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1d8e293edb52bf94aee4832ddf23e0be_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_1d8e293edb52bf94aee4832ddf23e0be_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D84.tmp"C:\Users\Admin\AppData\Local\Temp\4D84.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-19_1d8e293edb52bf94aee4832ddf23e0be_mafia.exe 2BD690D9C05C2D695D43A66AAFA276735AE5EBA388C6D22E7AA2EE31560269A1657146AC4A9EF21A7480D0739A0082AE9629D746F537497C64199BDCADA619732⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD5c38c6f7af8e5df8a0dc0ebe470a32d78
SHA1673b07b91e5b3618b84796f4952da65a1d34ffe3
SHA2565fb19f04048f2f7fa7c7551b7bd886d2e6f5082c9012f06bd01d8e8fbda37007
SHA5126bff11ee632d8490638bd8a52e0c9699c6dd2a49d37c9b6313502511677ba62fdc20f325a6798f926d10793437b5d26c82310ff6f89c2968360453e725e26264