Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 04:31
General
-
Target
2024-04-09_487ce40cf2c41f6e2f74addb8db97a12_mafia.exe
-
Size
433KB
-
MD5
487ce40cf2c41f6e2f74addb8db97a12
-
SHA1
4728dd29be0ab82dc9de995b45ed4004becdfa67
-
SHA256
0610b97a2d3cf5b6449a2deef5e5b8b4d25f7f08b6df47646b364b93fec4c87d
-
SHA512
fbbd0b98d80f6843245b4561139ecc77a6f48f7ffa36de9b207d00d9630545816bc8139812cc69404516bbbb37d9c09365905b413bb8cfcb279dc61b8dca44c6
-
SSDEEP
12288:Ci4g+yU+0pAiv+7+PFcHh/TNThBi0327xZeZ8nMXn:Ci4gXn0pD+6PS/ZNB67Hs8M3
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_487ce40cf2c41f6e2f74addb8db97a12_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_487ce40cf2c41f6e2f74addb8db97a12_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3B73.tmp"C:\Users\Admin\AppData\Local\Temp\3B73.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-09_487ce40cf2c41f6e2f74addb8db97a12_mafia.exe 4F12450C17D29BDD66E2F2BDF2A99277ABFC6475170B5DE68E303DFB3389D3C2451CA6D21178B52503A1CCB391F0D693F187C6B2017AF7FCA37DFC0901BFBBEA2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5fb3527a6fbe603ae1b188e33ec80cdba
SHA19a59db5fc7bb714ecdf26fcdb9c7be8aba71f4da
SHA256601a98be7e6eb876047c6c61b106dd8a3059b3919278ee2bec7d748d0b12aced
SHA512a539fb5379bbfda733a3a02e88b919de1bc5cc7cedb806d85800c485d90b97f7692f633df3c5132191b3fd012e22d2b297c83b32b9b386ab2401838db7f52eff