Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/04/2024, 07:38
General
-
Target
2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe
-
Size
412KB
-
MD5
ab2975ec49390c256d85c77584ba1785
-
SHA1
d29412bfdd7fc46bfee40fa4dbbe46f68ca03978
-
SHA256
55946175cfda56bddbdaa73b07532727bcb1df7cc5f4960dd6256988c210a726
-
SHA512
a1d0322e0329d96b6d4bee0bc480bf4257c5262a6474d5f4becef7b62d62be87089e1c98ae7216412ebea938433f60a6185cd9db0d9418848a2701360b0eac46
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnY/BetC7uUu9QFMMH+JsZDJijtvP3c1pfk/Ay2d:U6PCrIc9kph5K/wl9+JeWD4jNcL9y2d
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6448.tmp"C:\Users\Admin\AppData\Local\Temp\6448.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-06_ab2975ec49390c256d85c77584ba1785_mafia.exe 37D7329BC2D792E2C115A9A37A51C5C0FB123CEF65C9D777B26A591371A053358D4CB39C9A194D9A3FE1C758F0A30EF55A761E0DC832D4626FF18D716C0BC3A22⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5fba7ee7f2dc5deb2bd7c5b8e2717107a
SHA17adaeb31ac98276cff9b38656c65a4a0260e1995
SHA25679c4f7b53bda4a2757c0bf95f5c2bb4cbb7eeeda1937b1decbf5969d2aa13f67
SHA512dd9d6b478cf22a94624a3818c6a07ee08870e78da4738b33e2650ecf9b0064504e26e297aa8d5d84645c4f80fd4e519ea6b132e34e242bb85402224a8429a2d8