Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 05:35
General
-
Target
2024-03-26_5723b3d84846c56e93969c4f2dcc1e08_mafia.exe
-
Size
428KB
-
MD5
5723b3d84846c56e93969c4f2dcc1e08
-
SHA1
634f264247e8724d031ee0542a9b02dd452ff353
-
SHA256
44371882aa213bd06c376c34fec4434f0ce494022002b96d75a0e62e5ae33f1f
-
SHA512
921279c9cb1b34b1c5cfc43dcb2b886c3e58b3d029a5317fa5c8f3d682a79916c7f6b2b471d2a02a67e56de9700349e8f31728460cf38bf1445892ef4ec48fa6
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFBeRcAkCuUO+1CxsZ6ISkN0bTSrj4qHR:gZLolhNVyErcsuXICxsSkuAj4qHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_5723b3d84846c56e93969c4f2dcc1e08_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_5723b3d84846c56e93969c4f2dcc1e08_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3930.tmp"C:\Users\Admin\AppData\Local\Temp\3930.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-26_5723b3d84846c56e93969c4f2dcc1e08_mafia.exe B5F376818E576574B15EA243285F3B58141F04266D158654CFA9619A595D9ED93A7F6AC6CDD181822B6042489678634DAB653D08F10D8AD804FA47C5E18F88ED2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5bd9c020b71aed6955a266a7247e32588
SHA1423a5f0d3d1735bd3a3ff35dbdd0728cbba59b32
SHA256f9853ed2785aad453cab1fe078eeae3a2fdc60c3820c5337395b8855ef693854
SHA5122fbf5a9815e4813af88d84ca9e34f16afebccbbcd47f5caa812401f18f2f29310bfaad3bc809b5bc1d09c21aafeeea2475259baa990f80999819c140bcf54342