Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/04/2024, 11:58
General
-
Target
2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe
-
Size
412KB
-
MD5
7bb5c639c8a6faa10b467347e1b2353d
-
SHA1
1b30dd53a9a31d50708f8b9668b0e4cd36e2e2a0
-
SHA256
ae796fff3014dde0bb36318fa25aa78178fe8eea7c595c47c5de17bae4dfc702
-
SHA512
b16211e0e02ece8b526a98c5c58fb0fa9ae99a9b76cde10b66d57567b2e4028cf6679e3e7bb433b4545a11df630be6cd0c292fad8d396a3f5e1c9e74573e3a8c
-
SSDEEP
12288:U6PCrIc9kph5KUZ/0fmV8dR1qWCuuQU4KX:U6QIcOh5KqKmW/1qguV4K
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\560F.tmp"C:\Users\Admin\AppData\Local\Temp\560F.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-05_7bb5c639c8a6faa10b467347e1b2353d_mafia.exe 36E2F0D4F820AF34BF2B4016B7E200D8F0BDB874868643E69C47F6EB3AF4B150591FBF5EA2A4BC3DE782257A0C3ECE708E858471F6917C74A77FD74CECD689642⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5f84f71e0effdfaa881708512c0673e00
SHA19204e683facc1264407dabe5d2e718f53768cc45
SHA25670b2a815c291c1497ebc5492611793f3266637bbe923164ba0bece138ffe17b5
SHA5129268e89387b26bdb93146a5fd2d79d2d032977464ccda53c20c00ea6efb4535fff1010ac667950d5b3e02931bfe5742c2345236519872b87aedd8ffc1fbac7a9