Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27/03/2024, 08:42
General
-
Target
2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe
-
Size
412KB
-
MD5
d483d66023011c4b7fa61a0a5ba81f5f
-
SHA1
666faec8a6546d516debe410e4a64d99cc1d3d1b
-
SHA256
4283780b9dc28a9fb9c7b40f9deea4e925b56d92ba32d9a36b799a20592b7944
-
SHA512
0a022d3bd6ddc667c2c81e94ca62b14dbdc23bc150709cc8e069c0e6447411a994cd6723a2cba4f6a6854a48896b3b05c9d0c44969eaadf65e6c50fe138e40e9
-
SSDEEP
12288:U6PCrIc9kph5uhme0fhXbQAAncolVZT60ue:U6QIcOh58WhLf4VZW0u
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8FB2.tmp"C:\Users\Admin\AppData\Local\Temp\8FB2.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe DFCFC5A5012CDB46CEF7B967F45044917A4129515F53AAE464CFB66C9732BD4DE397B031E30083BB3ECA82878023273FBAC90217674947AEDF56EFEFC541BE6A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD51f9b66ddf7e85aaacea83b217f45a6b6
SHA1ad7ea5b1c7ed4b0dc9f84c0973ccbbbd1758bff9
SHA2562d02c04663d8652940860482f611a1395671c54f02aec4d28028e3b7032ab369
SHA512e2e88f6c9478e3956608aedd2d5b2d7e4fad709bd48a952e0779a4ce64b592feb1fd98703626e9935ca0d993596dc6c6894eaf1cce7925aa659e1c398cbb7ba5