Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26/03/2024, 16:51
General
-
Target
2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe
-
Size
486KB
-
MD5
f8322fe3edee5d6028c6b908f896c286
-
SHA1
d37ee0177a29048a9568f862e530245930dca497
-
SHA256
744ca54e927d284bee875c14385478b9175c03a1f760cb9cd253844df2eefa0e
-
SHA512
f51cb553f93e8599fb9972e222d5f7ea5df564ee2d812b5289c59534bf559a422bc3d601762b6068700ab73f1af38b05de81aefb3ad0f749910b7493b85d25c1
-
SSDEEP
12288:3O4rfItL8HPgwAGO//3X0Pzvsqrue7rKxUYXhW:3O4rQtGPFA/HO0q33KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\148A.tmp"C:\Users\Admin\AppData\Local\Temp\148A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe 13623728B8A94900E23D15DE7409EEAFB231458C9FEA7719597805FECD85C2A0ED5EA7559E712DFE542B57D6AA659A1C7B28366488EA0157DFDF68D94ECBD0372⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5f70f414a1b511b0c6e9d34afe0cda136
SHA1ec8fe67addd36ca463f7f80f1bcba4d2d5e1d02b
SHA25646f71a38fb1f7e6fa2829a73e134589099f1dcd2894124708d3de07333dc7694
SHA5120b06cd487cc37f5d07310fdde88a6fa2db8a74b8acc11bd958f5eb0798f018783ac454a2d819a2e9bb9ac64fdc7f79b9e78278bea486ba840508fd836b7cf9b1