Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/04/2024, 11:58
General
-
Target
2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe
-
Size
412KB
-
MD5
7bb5c639c8a6faa10b467347e1b2353d
-
SHA1
1b30dd53a9a31d50708f8b9668b0e4cd36e2e2a0
-
SHA256
ae796fff3014dde0bb36318fa25aa78178fe8eea7c595c47c5de17bae4dfc702
-
SHA512
b16211e0e02ece8b526a98c5c58fb0fa9ae99a9b76cde10b66d57567b2e4028cf6679e3e7bb433b4545a11df630be6cd0c292fad8d396a3f5e1c9e74573e3a8c
-
SSDEEP
12288:U6PCrIc9kph5KUZ/0fmV8dR1qWCuuQU4KX:U6QIcOh5KqKmW/1qguV4K
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3A71.tmp"C:\Users\Admin\AppData\Local\Temp\3A71.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe 32B9F046FD51E183D815631CFF3B32195023A9CC6035E9A483B6E95343876807F454761B7375C14821A6F47D0228960C781AE9FA4559F819E3EFDF68098251912⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5cdc2988cb135ee9129e3b01d76d41513
SHA10b7b530d823cc9cd4ab628dc9abd68cdc2cdb2c5
SHA25607881769a9d7a86164ec2d4314db3c7237247c2df1379270d583b9ce4c83ab54
SHA512dd5e723a1c94601f018eb5c5e55de9379bb1cbafab276e90b0d26973358b523786ad465fcef93d6c627198871481c6f304933b9f327ec6ed9b7765f657c920c8