Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
04/04/2024, 20:37
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe
-
Size
428KB
-
MD5
d264a2063419ca532893f7206744fc7b
-
SHA1
021ff132760ef3691825021e4ff979fac615b7b3
-
SHA256
92ecd33e572c7cb92caad6d6adc18b3ca1f549fc56c16ab2b0198f7f7f36e9c5
-
SHA512
e1825194fa80259deece66a416fbc78ad02d350a604543c00411166c4b477d9261d39bed9c977d4933c411aaabaffe192918036a31eb70f873f2760f184901fe
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFQULz8WgJkgA9Y0+i2qOwSkm86nYl/wpqHR:gZLolhNVyEELz8NboSkYpqHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2816 91D4.tmp -
Executes dropped EXE 1 IoCs
pid Process 2816 91D4.tmp -
Loads dropped DLL 1 IoCs
pid Process 2508 2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2508 wrote to memory of 2816 | 2508 | 2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe | 28
PID 2508 wrote to memory of 2816 | 2508 | 2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe | 28
PID 2508 wrote to memory of 2816 | 2508 | 2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe | 28
PID 2508 wrote to memory of 2816 | 2508 | 2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe "C:\Users\Admin\AppData\Local\Temp\2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\91D4.tmp "C:\Users\Admin\AppData\Local\Temp\91D4.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-04_d264a2063419ca532893f7206744fc7b_mafia.exe C8BCD769A4500D71220789B2101DA8E824FA591543949FEC106DD3681C5E9BC93C5BFFFD899A17DE3CCB4251849E890B4CD6D7108B386FBD77A6C1ED83260C07 2⤵
- Deletes itself
- Executes dropped EXE
PID:2816
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
428KB
MD5 de9e8bd57335ec52b4e63da92acd8e42
SHA1 41bfb0a4c5008496bc47ff02cd8b611439d3fd99
SHA256 5b070f6db764eb68a706f89fbc3f261874c4ea4fcec2d2a62346031df2d4a6e0
SHA512 42540d6031395f2c5cbf8d732d5def5d055f62b16037b760e9f4b468031da75fd4b32fc9b33995d7f05fa3e69ff58fb49335e3d0a3a9019bf441aec238f4eb52