Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26/03/2024, 01:26
General
-
Target
2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe
-
Size
428KB
-
MD5
2d014afe36b8ebd6daf742b38243e7d5
-
SHA1
10dd02f9544c7ed5dfcfea7d513c8dbe9baafd84
-
SHA256
6ca9469280695776acd9418c22cde836dabccc02c6fe1894c14c5508221d1f2f
-
SHA512
d3221e83ccb5dc84c8a4a00e9a99e9c2cf7851726bf386a6535caa471d06d6d443d07ceb4949e7f15d1223d299652c7ae50a8bda16c495ce0b1941f2dca22934
-
SSDEEP
12288:Z594+AcL4tBekiuKzErvZeIkVTx7uyBcx9KJbl:BL4tBekiuVriNfyKl
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\99B0.tmp"C:\Users\Admin\AppData\Local\Temp\99B0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe 01FDB79CAED994047A6679CACDAE5DD396E3A09FAB24DD9C5C77AF85F356EBA479D11375AB99290ED10EB91EBD5F3C0C1CF18D2E17992BF49EFBC40058BF90A22⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5ae4e58bd2f70d1629c91fb49e0404cf2
SHA1eae81d22bbe301225c02d89c7245612785467867
SHA256b17f524d256fb8d621180697b89eca74c58698fa3127146cfb5487624092d248
SHA5128b006557f29407361ac504263605e09c3247bac79dc83ffb16b9fd2fe18232f95136b9bd4daddba4bc4b6f1ea2b06f1a9ec22114589bf2be321cd08b3dd2ab35