Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 04:08
General
-
Target
2024-03-26_fe50de311bb5addff9cec202492e809b_mafia.exe
-
Size
357KB
-
MD5
fe50de311bb5addff9cec202492e809b
-
SHA1
2e75a9f21c2c90db668e1cfc5b2f497dd9e0108f
-
SHA256
5b5a6a4adb4f4afbcbf5e0d575f563de161578fe9237037549bfecd5482740f5
-
SHA512
dfbff18f0ccbe55af4a11bc8d152554529bbb4c010d011356ccfe62d3930f3e08d3dc09951e43992456b49ebddb7d6f35223299274cdeeeee1928e1fe0cc9b29
-
SSDEEP
6144:dhWpj/jZfBCkEo/II3A2JFqQfFwBSg5L4mKoo65BfMn56PyII2J0rr6Y28tC6Lxg:dhWpj/jZfBCkEo/II3A2F9FwBXL0F65j
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_fe50de311bb5addff9cec202492e809b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_fe50de311bb5addff9cec202492e809b_mafia.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 4882⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3964 -ip 39641⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB