Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06/04/2024, 07:38
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe
Size: 412KB
MD5: ab2975ec49390c256d85c77584ba1785
SHA1: d29412bfdd7fc46bfee40fa4dbbe46f68ca03978
SHA256: 55946175cfda56bddbdaa73b07532727bcb1df7cc5f4960dd6256988c210a726
SHA512: a1d0322e0329d96b6d4bee0bc480bf4257c5262a6474d5f4becef7b62d62be87089e1c98ae7216412ebea938433f60a6185cd9db0d9418848a2701360b0eac46
SSDEEP: 6144:UooTAQjKG3wDGAeIc9kphIoDZnY/BetC7uUu9QFMMH+JsZDJijtvP3c1pfk/Ay2d:U6PCrIc9kph5K/wl9+JeWD4jNcL9y2d
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2196, process 5B1B.tmp
- Executes dropped EXE (1 IoC)
  pid 2196, process 5B1B.tmp
- Loads dropped DLL (1 IoC)
  pid 2500, process 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2500 wrote to memory of 2196 | 2500 | 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe | 28
  PID 2500 wrote to memory of 2196 | 2500 | 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe | 28
  PID 2500 wrote to memory of 2196 | 2500 | 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe | 28
  PID 2500 wrote to memory of 2196 | 2500 | 2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe"
   PID: 2500
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\5B1B.tmp (child of process 1)
      Command line: "C:\Users\Admin\AppData\Local\Temp\5B1B.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe E4481CE078D56DD53B1AE0C56F985690A0F364F6DF27BEB1A611F57727587CDAF867749142CF46A05DA211D0AFABA9B6F234B411069118CA15F8F9A2BD5848D5
      PID: 2196
      - Deletes itself
      - Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 412KB
MD5: c36a1bf7669e9bced26d54b591343153
SHA1: 8b4e2e46d69e1b36e995baa667bb3f8af00bfbfa
SHA256: 0e719618d753d36321bf370c4f9d6b70054ac692628cb45bb022ae33bcdc2087
SHA512: 0a1bda1504db9513cb0e8293522c68f6ba7844914161206e6a2e70578e1bf1bb6c95c1786ad2089b1c8935ed5f2aec2e28e8c710d344c20c82b1c46752a33870