Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/04/2024, 12:45
General
-
Target
2024-04-08_ad2d30094b0c4bb7ec2c782e407db8d8_mafia.exe
-
Size
412KB
-
MD5
ad2d30094b0c4bb7ec2c782e407db8d8
-
SHA1
4bdf45c8f8e746d12deece7ca4053d5add50885e
-
SHA256
e89e148d0bd091f74707123abe8eb06ad2781bf4350bceedde4e190065425718
-
SHA512
c20eedaaf2b279e578178e04125749c114b7d13470256061b4779234987b4b0ae1ef52c5102ebb3b2780dd405b54a9035eb94168bdc57169cf7742977b2c784d
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnX1jd0jOcEqUaLrqP9BKduBul242d5I0gl9P:U6PCrIc9kph5xAFUaLrQPnAl261
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_ad2d30094b0c4bb7ec2c782e407db8d8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_ad2d30094b0c4bb7ec2c782e407db8d8_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3170.tmp"C:\Users\Admin\AppData\Local\Temp\3170.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-08_ad2d30094b0c4bb7ec2c782e407db8d8_mafia.exe DF3CED25436C7DE4E7D7F0996DD4A54F0A933A0B715F09B82F2B61615AC2DEF18AFCB1CFE3B971BF4247583A56CB7CF6B2C66E79DC3D90C985AC77A9975841682⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD599575226c334c4505b6cef106f264c97
SHA107104131ad1bac228cd0f455befc82b82452de70
SHA2560ca62e8c6c20df3836e4022ea875e4549cacdd4455f12f88428d72fae9a53d71
SHA512536dbf6620e96879b81cfed0f6438e204c638df16d61c882d47f823657392529255fa569778d2391f9d4373ccc5be1370b5b7305ad65d7fdd8241709353f9228