Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/04/2024, 12:54
General
-
Target
2024-04-06_f30bf47900eb562aa4c8c9cbeab7b650_mafia.exe
-
Size
476KB
-
MD5
f30bf47900eb562aa4c8c9cbeab7b650
-
SHA1
dd8de92639f655f5bc2a3da3f7ef0a9c8da1c10a
-
SHA256
552667404bc2b49578951c3ae8499f5ae13ede3f53392483ac0fcb4e7aab0d54
-
SHA512
c5540d4da4bf33c6459f33c2bda2cb1333404a310220b7f9050a119ee35e2244d1ba5491d340e7a968df340c01687e8c52ae1617c028c09542ff648bbd2b932f
-
SSDEEP
12288:aO4rfItL8HRkwChaSbNdBpAx1LYaSBfHTn7K9wlsDpVFd:aO4rQtGRkXhFbNOLka0+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_f30bf47900eb562aa4c8c9cbeab7b650_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_f30bf47900eb562aa4c8c9cbeab7b650_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\68CC.tmp"C:\Users\Admin\AppData\Local\Temp\68CC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-06_f30bf47900eb562aa4c8c9cbeab7b650_mafia.exe 0B6CF0EC50FFBE5B6C120FA60C8F8427B3B50BCB038B142F48D29463838ED512530F9884DE5B9BD170561F8B6B6AF845079C4A7CFDBF75B49F81D110AC0A9BC92⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD594efc86d691b87b41d90637dfb25c8eb
SHA1517a00016d3c15053af5d4a98f9adc2cadf155a6
SHA256ec69b678ad9bce25b86906aeaa90f9f93ac59297156dd520db1151b4b5f366c6
SHA5121101d5061d375de8150ec1d92c7001cb8c60c0536e7761b42feef142447a6a17b78e283c14cbcb9e61f3c23d99cc2229204ea11d7f85468fb726f762596679ba