Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/03/2024, 09:44
General
-
Target
2024-03-28_7dae6ea9cca41b3c21c75a4d9b4f14e2_mafia.exe
-
Size
412KB
-
MD5
7dae6ea9cca41b3c21c75a4d9b4f14e2
-
SHA1
dac131d5a979a8eb7a7524374bbe0f9d912f40a4
-
SHA256
7cec20ad006aa94af5d6e2b293ddac4ca51d7840f42f7ca21e324b977e4c60e1
-
SHA512
31460672b23ec247bf2951dc16d7222fd42b9fb3a332ac658e6aea105c76063c89eb83f7d3422e40102c320a1d2974738c4e4773148ecc44ce9d34286f425e41
-
SSDEEP
12288:U6PCrIc9kph5z++LOo++XY+sBHJrcafm:U6QIcOh5zv+kY+sBpr1
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_7dae6ea9cca41b3c21c75a4d9b4f14e2_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_7dae6ea9cca41b3c21c75a4d9b4f14e2_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\64EB.tmp"C:\Users\Admin\AppData\Local\Temp\64EB.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-28_7dae6ea9cca41b3c21c75a4d9b4f14e2_mafia.exe 61CA19B33AB8F18F2622E3B66FC126DCA54E548AEC7C79CB4DCE472C858C24B7B61E9CC28A459818B5ADED1CEE8C348039E7618434CB5F74B9E0EA86E3B4DF2F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD59775c0d8e1c70cb7b6d5fbfb24cb8071
SHA1340473d72d3fb9494a7541a86c62a357528e73c3
SHA256a41d3115bc346552b15eabaa4d75e701fdc816a97b5d5c267df492ae43c23283
SHA5129fc7f9729847503a78c2e020209cf94752d49c21dd54c6a8d73c326c5bb74ce4898f9efe2a5614e77b9a7e0023614c2d4f933c57b87d3c0763a4356729ec8788