Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/04/2024, 11:31
General
-
Target
2024-04-09_432b8407354855a7089a820140d7b784_mafia.exe
-
Size
412KB
-
MD5
432b8407354855a7089a820140d7b784
-
SHA1
77c09450743edcb8bc1f62f86e1f7b6ed4e2dab6
-
SHA256
7d5b94df3147e1d0331005c0f08a5bea4a80805f1078d2f7e40fb912609cc0d2
-
SHA512
84378fc11b5b12fa055176b6334c7fee37ac0c3a85edca189808516c710b5b16ccbd5052a12b2a6013c19c2e23478d0dbd9eae2d55cfd4d44ae9f1fde554c388
-
SSDEEP
12288:U6PCrIc9kph5y/Cyh8g4sZSJWWeqzpjAEe1yZx:U6QIcOh5yaDTnJWWeqzpMET
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_432b8407354855a7089a820140d7b784_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_432b8407354855a7089a820140d7b784_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1DFC.tmp"C:\Users\Admin\AppData\Local\Temp\1DFC.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-09_432b8407354855a7089a820140d7b784_mafia.exe 0A24D2522BB57202A7E22B022DB15F36F6977CBC61DF32456A03F905FB04EFD7426BC089D65D75851076AF233067028ED000D276BF7C9F969C42F027FE51A8782⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5bdace9bf439258b0d6f95d67ab6ddca5
SHA19d56ee9d78df82d410ee29d4c31558c3840dd785
SHA2565badbcc7908a37be5380a77c5e15a940ef086706fddd6d80e9676e5645af70df
SHA5120738bec54148bf2703ad9e120538334e82ec4ec207a0d22dc89cf754f727f5972b276b3aaa01c1dce4feddb443f9ed7879900e72ffe7efa2ea53b9b67cd76229