Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 02:42
General
-
Target
2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe
-
Size
476KB
-
MD5
67084a7559fa7e0a9e0edce2455e6a9f
-
SHA1
72238d993d9b40f398cd7f1f8b6e9b86e6674445
-
SHA256
abe7eec07bdaaef2e36f404d9f12821d8bf5cdb69db9e833c64d7fd2ca5dab1a
-
SHA512
99f742f0bc25e26673b9e05b51f7ed93e224bcb46a4eececd3f0e04f3334291d01c3b41c8ad6b45aad1f103059b8c0f48334a5ee7fc537dd2f2d0a95335d035d
-
SSDEEP
12288:aO4rfItL8HR9dKUvkPDtZxn49ARKFDszVVQ2em7K9wlsDpVFd:aO4rQtGRfMPDXeepg2x+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\441D.tmp"C:\Users\Admin\AppData\Local\Temp\441D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe FFEB3B37DEAB8750675D6D8C226D03FD401750C4E4A4376C8BF7F01466A2007EB0AF0AD539DEF52B734B4D8853CAFD811B90625D9B3C89EA075CB201BA0983D32⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5e8dc545eb800b0cd64b1c742ecaa257d
SHA1cd2345530274ca6e35efa377d83f7a3afca1d64d
SHA256a8f56172329fb82ef3af85f03279fc050a31bea13379e4635108e73a59e88199
SHA512561bf44ce4d8209b8afc34fd8bb28b25fe8ce3cf5e9505b76b7061c37ce6b64faaec65c0ef44ae6416c7e7a85c2fb97f6adb01ce0cae992e85e596e1676cb842