Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/04/2024, 03:01
General
-
Target
2024-04-06_f4d6a7a9562b27fad42d22afe6148308_mafia.exe
-
Size
384KB
-
MD5
f4d6a7a9562b27fad42d22afe6148308
-
SHA1
d2befb9b8269d3d97ed305a4aaf2680552af1086
-
SHA256
3bd4686c4cd43a9601a64ddffd47f53ed379d3ecb00393879a0cb835eb038321
-
SHA512
0f70c2835f4064d0301869ad8f0a1b719ce3d3c080e8dea50e9d2af1c53d3b9760918a92079a87266c823dae19a89d16c8549be4995028a06ba3ed517bf215e0
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHoYLJkIEJWZOImVYrXCePwMtf3hONZ:Zm48gODxbzxJkNEFHCaZfhONZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_f4d6a7a9562b27fad42d22afe6148308_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_f4d6a7a9562b27fad42d22afe6148308_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\90D6.tmp"C:\Users\Admin\AppData\Local\Temp\90D6.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-06_f4d6a7a9562b27fad42d22afe6148308_mafia.exe 2105DBE5F02820691ABB64D8FAE0E11098D1DB1C031F3BB73F684997F7D15EC3989CDF16D62D8DAECB6BC2A4DFDF4D699DD26B970AEE7BD416B9B80A663CDDF62⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD56c73f0d36d1124464c47319d5614ed7e
SHA1549f6a3845093e62596eb0973747779dfdd7fa46
SHA256d7e47af79c88da724ae8ddc927a86f9375445621e92a2669a2c1287f54a33268
SHA51210e97b4ded597b4a520aaff8bf505faf09789b4b0f10137073dee6e279ae9b73e8e9720916017df0624d07834cca8d254335f55def2476c1271b972efe9d4c90