Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
26/03/2024, 01:25
General
-
Target
2024-03-26_2981f3f9ed487ad626b771175933994e_mafia.exe
-
Size
384KB
-
MD5
2981f3f9ed487ad626b771175933994e
-
SHA1
82cad0bdfdb51fe84f089b3a6754fc0a4736b2aa
-
SHA256
0e6a5c0ab6f453c2cdc97dceebcbd32ad4c6ca875f000f72af999eef1356f5a8
-
SHA512
12c8e0cecec0a1c844ff9ff35a29458848d574c5ed69adce80585e5f91dbc1bb8f609cfa02ee36c236fac85ef626aa923658e9dc6c29e7f6d93f14a7dde4d693
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHhMk87w2b0O8cmRxv4YUjb7pT/zlGno9Z:Zm48gODxbz/bq/bj8Lxvml/5GOZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_2981f3f9ed487ad626b771175933994e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_2981f3f9ed487ad626b771175933994e_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ED0.tmp"C:\Users\Admin\AppData\Local\Temp\ED0.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-26_2981f3f9ed487ad626b771175933994e_mafia.exe 434F13E01022453AEB71619EA05005CD680069EC28852E4815B9325354DF75318669F430CAA08248D95673F5AD88AB538FC7559434147BDD616C1F34C0A1BFC52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD58696d1d3c665c9565618f46ab419b3d6
SHA19ebc514810ee40dbbfc9e5d1f2946789dbe9b2fd
SHA256ed02a2d24ff80251b395aedab6b04826e23c0eabe751898bc9728215d4649179
SHA512dfda11093aca41df54437df241ae7133e371d7344ef6491ac0f6d1aa345061aa37ea1b048f6973f99966bda06c56dfb2798d51bf553f3b036bbceb221d58e59d