Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 18:36
General
-
Target
2024-04-10_48636da073ea7a2e2c0b8e4e6a4532ca_mafia.exe
-
Size
486KB
-
MD5
48636da073ea7a2e2c0b8e4e6a4532ca
-
SHA1
bc207cfc9e2c79f013dbd50752f8fbc836bc43cd
-
SHA256
217365680d20a1307bf7563d4c1d1309d65ca6fa772a85fa7df8ffc7fc126f36
-
SHA512
dda94396f95d85b9ef318e448302062e9fddef185ca13af84cb9237843979386d2c289c5ca8bbef6a72ed9f959f87fe1ad62edfe09206573023bb066e7051681
-
SSDEEP
12288:3O4rfItL8HPSknhGe6eJ7Wgr8AD6rmy0ysLKoG7rKxUYXhW:3O4rQtGPSI4eT9WgrNWoG3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_48636da073ea7a2e2c0b8e4e6a4532ca_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_48636da073ea7a2e2c0b8e4e6a4532ca_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3180.tmp"C:\Users\Admin\AppData\Local\Temp\3180.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-10_48636da073ea7a2e2c0b8e4e6a4532ca_mafia.exe A6A873F3F389129C7C90AFA78F6298D8EA16319453558E006B6EB268315BFC40698B48A3FDCF5980B411E5ADF5A6D6D1CFF2C1BD36548C056F308ED307B194252⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD56dd98754f07cc3b31afe91d074126ded
SHA1735a1c5e32be41bb4a590204265aa8e1cc89fa5c
SHA256ab1e073b67b6d8bf2d6a9f9f09ce799bce468147527c3e82267c90469eb38970
SHA5126f2d495bef93fe64e87a16a7033a2202a3c830559ea73990190614a6f7042f76364e4c4b32abe32343a744f16023276695efa5f0433319b05982f777122622fb