Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/03/2024, 09:50
General
-
Target
2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe
-
Size
660KB
-
MD5
9fe51f2b0d65ec671c1c7c397a54592d
-
SHA1
613b0592071dddb3c14647654ccb8c52017663b1
-
SHA256
9004812cf3847105a5a3413e2da82dbeb3086c741637e2c20a2af729ef8d8da3
-
SHA512
074951b6e3e70410d71803bcb865f57e76ceb4ce2753f89884b4eb96915a66656e9971bb7bab02bffb7f065c084370ab689fdb453d21072e6b9252abe912cf77
-
SSDEEP
12288:NO4rfItL8HPr2cRBnhX/2QJxgVt3Izr7tx7qg3kdI4S47ioeB/nNTnVW7vyk7:NO4rQtGPScRBt226Rsr5x7qg3kdI4Z7r
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5512.tmp"C:\Users\Admin\AppData\Local\Temp\5512.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe E329F7C165151878BC14F8F16968A1FEE26B34F7F59CA7D3E83228FBA1C7C45FE01BC539B68DF08E7C525BFC8A1AF279BD76AE64AD9457D05BB39D3D9055C9682⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
660KB
MD5e9dfd69a7b699c8e11b7dbb8b469c65b
SHA1b039100cd599773b3a91b82060ebf2afaa2fee61
SHA2564da47fc8b5637b856ded7e56593eea9ac109112982092f77f55ec06a66dd0164
SHA51252c59bf891d362ff8a7638a80aad67237915339242acf8a71162b150c2a7ed1f2541610e5bb7d74f827ad47d65d33f2366bb74fa32ffd715dfe5b0f45f3f8a35