Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26/03/2024, 12:37
General
-
Target
2024-03-26_5d53a97e5778543731ac9455b37e61a8_mafia.exe
-
Size
435KB
-
MD5
5d53a97e5778543731ac9455b37e61a8
-
SHA1
e2d9b9dd35985ae0d32f843a934a90fdcd3f3565
-
SHA256
9c3dfe947c9196487785f89ba11d118f3eb0c648cbc7c65e20b133ab252795f2
-
SHA512
fc28ed77bf65bd0b04b1d3569c65abca60fe5da815db5a268a83eab7a5dba3cef7536abaefb43a23c5b8960cd3d82efbed8c3acb928606af3ca8569d46ead163
-
SSDEEP
12288:fd4x+ePixnXQjPh9FrEVEYU8E6ksbFtw5kHsTd4VgVwP:fd4x+ePixAjPb5snjU5kHspzV
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_5d53a97e5778543731ac9455b37e61a8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_5d53a97e5778543731ac9455b37e61a8_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B14.tmp"C:\Users\Admin\AppData\Local\Temp\4B14.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_5d53a97e5778543731ac9455b37e61a8_mafia.exe D2B6C98912CA272BDDE3EDA43ACBFD03243ED1089C6C9EF7F4153E63A0C7FF6978F6B325A64939C3C7C89D01A159F1E3CD5F1C323E438FED65AF565D52CD18152⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD59469883248ae0676ea66d3cb6bdf3c4c
SHA19bde4d83f44129dca4214b784dcf196459f0adfa
SHA2568f1d4f8cc379489ec7d08c36f0d3a275c41d92fe6ccd158e9a8203ed3c86f705
SHA5129539fbb4c92523713efe89204aeae9c281d511a2318c034f97484b3428894c4ba8d72852b634ae3011e2ca2f2f1db8abd7d2c07e08817f8b37162e53ecb3e9c3