Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/03/2024, 09:50
General
-
Target
2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe
-
Size
660KB
-
MD5
9fe51f2b0d65ec671c1c7c397a54592d
-
SHA1
613b0592071dddb3c14647654ccb8c52017663b1
-
SHA256
9004812cf3847105a5a3413e2da82dbeb3086c741637e2c20a2af729ef8d8da3
-
SHA512
074951b6e3e70410d71803bcb865f57e76ceb4ce2753f89884b4eb96915a66656e9971bb7bab02bffb7f065c084370ab689fdb453d21072e6b9252abe912cf77
-
SSDEEP
12288:NO4rfItL8HPr2cRBnhX/2QJxgVt3Izr7tx7qg3kdI4S47ioeB/nNTnVW7vyk7:NO4rQtGPScRBt226Rsr5x7qg3kdI4Z7r
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4229.tmp"C:\Users\Admin\AppData\Local\Temp\4229.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_9fe51f2b0d65ec671c1c7c397a54592d_mafia.exe FA735423F8391A4437C626CBAD5D4C2100FA8647BFD6812BFA35189C3E34ABC4BF36C25D0EC76CCEEC3AB57D85DE52485EFB2A7EF10650C78AF98FD6C529DBEC2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
660KB
MD505dcd5f2e2f707d4644d8a8f8e8d7cd1
SHA1019b4888b759e3c6447097bf413a07609d8e3da5
SHA2567204e5c52b2e59b6d7cc3bc8ae46c6003e67c8401a3ec70e92299c394d705663
SHA51256fe577cfa1f7d59cd803c0d4e441a721c5bfacf92ccbbf147f7d2fe7c8aa9fd466af049ab16e9bf3305a64e792f76ef99f03e3ec18c981fa803848487959c21