Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/04/2024, 14:53
General
-
Target
2024-04-08_cc20bb4fa9a2f407711e7b9c2f0f028d_mafia.exe
-
Size
435KB
-
MD5
cc20bb4fa9a2f407711e7b9c2f0f028d
-
SHA1
ed5700b49713fde19a56fcd628eeffeb70872106
-
SHA256
731fd734a2aed52766eccf90cac3022d638d14fc9750b2c1a2209ef42cf0ba0f
-
SHA512
d1eb819150cb4bd7921b4a0c333e454356459f7940d8be481fec14b0e4612892ea2a6bd0585a50eacdcc67e4cbbe1098f6786e5e53a69e7771e7e51f5ae9f118
-
SSDEEP
12288:fd4x+ePixnXQjjSC0CQDNqroorLGQOewP:fd4x+ePixAj+bVN8rqQD
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_cc20bb4fa9a2f407711e7b9c2f0f028d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_cc20bb4fa9a2f407711e7b9c2f0f028d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3180.tmp"C:\Users\Admin\AppData\Local\Temp\3180.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-08_cc20bb4fa9a2f407711e7b9c2f0f028d_mafia.exe B19E25C083D4D902D24C8B0B72BA21E61997C84002AE733BC9628828768D765F3C895DEDE085615C94152C3DCDA7DA35B5F6C97032D47FA82732C270694894B22⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD50d9f6edb5b7b0716fc6a88f016e92f76
SHA1117cf24c597d75eb869887f6b0d4d019a5a1f3a2
SHA256cb6d2f1c51c803d34ec61fc25b8459279f3c1b403f4f2adc396a5f9f26a5befd
SHA51267f90c8ecf477d5d03e941099cfa92a05431efda784d2f52d2a426ec412ec6d138da36e63519505a2f0eeb0d5858487d302ec7e0aff80e6637369f693e9bbe7c