Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/04/2024, 07:47
General
-
Target
2024-04-05_fa5f3c80627650b90c8466b703a0e944_mafia.exe
-
Size
479KB
-
MD5
fa5f3c80627650b90c8466b703a0e944
-
SHA1
bc4c563c594ee4cec96f9dcfb44c47c97c409ed7
-
SHA256
e2438213b322537a94aa05a93a8a732aed075bd1a2ffaa083aef48138c3c4f66
-
SHA512
205f06ac16998202ce1b2f2cd6b28da7ff4084798ccd3d0d3ee8d4c8eadd8d423e3d6b99ac75cf823aa6544440f5fcd7620385a58b02dc59cda894e9a4e46a11
-
SSDEEP
12288:bO4rfItL8HAaV0zJx7My+jkT+CNhx975UO:bO4rQtGAaqJx7MycgvVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_fa5f3c80627650b90c8466b703a0e944_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_fa5f3c80627650b90c8466b703a0e944_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5918.tmp"C:\Users\Admin\AppData\Local\Temp\5918.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-05_fa5f3c80627650b90c8466b703a0e944_mafia.exe 7343CD75325FA5A338ADB2019D5251A7C6A2A1A57B6C618B092B409DA018E1F2ACD8AD2CD86E63CB4486D03EA590A0014EDD4CA6465B1D0474D0D212556FA2972⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5e7f7d531bd226ce22bdba30ecbdd5968
SHA11ea671db4c8ccf08bbca3fd86112cc991f1f411f
SHA256799a057857e26997f8bdda19ec149824f13b03da237cf66e633eabf6fa3c6061
SHA5121c8c7b424d7aa76bae74229b1624ca3784ce2c1df8f56cbb8ea0faeecc8042d32ce919286041bee046dc52c73bd493586c13eec1993d9723036e3280ecaac523