Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/03/2024, 20:58
General
-
Target
2024-03-28_da3b3335b722d31a97d243b5cb0fa67e_mafia.exe
-
Size
412KB
-
MD5
da3b3335b722d31a97d243b5cb0fa67e
-
SHA1
b53779714959d76e01b80972abf025efaf7ab918
-
SHA256
4fbcf094cfd8d6d1aa856981c8039039468455f0a51fd66c4d1335294da1e9f9
-
SHA512
4bdb55363f70e4153706671356dc0bdaccb3a9fe6e32783b477f3e2affd000095330b651075d206ce8afc97f830f771b7a08bfe322492beef15acbdf9e5bad0a
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnPQBDQ1FGC1vFbJ5gS69j1qWfFkUTuUP:U6PCrIc9kph5RQBQL1n5glj1HuU
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_da3b3335b722d31a97d243b5cb0fa67e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_da3b3335b722d31a97d243b5cb0fa67e_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2BD3.tmp"C:\Users\Admin\AppData\Local\Temp\2BD3.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-28_da3b3335b722d31a97d243b5cb0fa67e_mafia.exe C44BFC4D0B93440CBADE9AB0139D96BA17700124F44311E32C9D11ED4DA33286BF2B740D243602FEF4AB143A6DDF1F21ADF467BE86AF163A1F8E3AE08E46A0672⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD59ff71320ada75f2bb8c5227e8213f70e
SHA1e1817e7647c49f5b39fca386cf1fdf4c4fd166a6
SHA256d5c3ed115ecc622e218a6d79dc9fa3cf5b0b993b964165a54401762de9e66ca6
SHA51299c1dda1977b1bb0cc84620eba0791d61d3922c7d5be60cc83eff8b9ad5a069dda38348ad7dfe7fe622a303026786270b30cdd95f6387b68909c1299d5d68caf