Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/04/2024, 00:45
General
-
Target
2024-04-06_787e619fa2904b3a3b4675b85fea3cf3_mafia.exe
-
Size
433KB
-
MD5
787e619fa2904b3a3b4675b85fea3cf3
-
SHA1
d6c43c84491f0ec71d776ffc387964dd36747f47
-
SHA256
2cb80e51da8d80fc692d7ac7279198e4261d84ea8a35282cb179903a3ccbbfca
-
SHA512
7b1b700c83af226278e788c966b39f2c77f51b9afc00c5595d5d1da221ca2ef0e714e8a1aeb0a0fb994b7d9151bed091f14e9bff2e3117b0acaa3dc032f83f76
-
SSDEEP
12288:Ci4g+yU+0pAiv+tIR42BRoV+exskk/MsEy01qUn:Ci4gXn0pD+tI+hVFY/wyQq0
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_787e619fa2904b3a3b4675b85fea3cf3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_787e619fa2904b3a3b4675b85fea3cf3_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\B18.tmp"C:\Users\Admin\AppData\Local\Temp\B18.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-06_787e619fa2904b3a3b4675b85fea3cf3_mafia.exe 2768ED492222ECC7D849DFE7B3ACC66EAC6F18A0A811095069B07EC35806996E62A57605528622A7A290663848246BA53191B35D17AD2C708731C796241998A12⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5c730d34516e53cbf823a8c64b1974117
SHA19d0862e7c5f074512607e6a6f86f37e55cac5c3d
SHA25653c17ea7ee970b7b7dde701984643e575e1d47fe664fc8287e19c0dfb787fcb4
SHA512f652ea3aeb2e201b07c9f6da4f9f62bd7dc2484da67dd74c047759486fded3da3c46edfca051a1d905bae7fba947aec341127ccbce679d23d8bbf7c57bbc5073