Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/04/2024, 22:24
General
-
Target
2024-04-05_381de8e80e4f0429674d794b5aafdf1b_mafia.exe
-
Size
479KB
-
MD5
381de8e80e4f0429674d794b5aafdf1b
-
SHA1
485591e0d2856481bee90c5b956c4a743a1c401b
-
SHA256
ee810903aecfdbf99f7afe8173ab694a5ed600c20b2a65f6a0c89bea02faf21a
-
SHA512
5c12c4ee034d8c65578bab40b325dd1750013a74c0ee70f013b0b5c78018cdb568a9a33de0f4d59b9474a1c9409c42fe1ab09c1a68aedd5519ac527380a20139
-
SSDEEP
12288:bO4rfItL8HAJmL366yNj5R55B2dBxTZxJt475UO:bO4rQtGA4L3m5b5ojt4VUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_381de8e80e4f0429674d794b5aafdf1b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_381de8e80e4f0429674d794b5aafdf1b_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5AD2.tmp"C:\Users\Admin\AppData\Local\Temp\5AD2.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-05_381de8e80e4f0429674d794b5aafdf1b_mafia.exe DF596042873A97D0B542CD7E1FAC30EB36DFA6E3B632D4CAFFDFD4972DA9C28041FD78F4A52094326C7DD92F3E1BF717DAC282799694F819934E538E83B3CDD32⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD576c7f7a40a09f380eea21b55d7483ded
SHA10461629f444bf262c8db06ff17fc8f8b180530bc
SHA256ab37f151f1a10fc9abf0f6eb2a6c4ab7da6cd7827c009f6ce9fbfab8a6df7379
SHA51254d7f4dd9f2e73683e1db6ac4a6cb2459a250ba864eb68e3043eabbf258d73185d6524eef5d261ca618edf0abf08e836d9db05ace93a5ff30e2abb47e5c810ba