Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/04/2024, 14:36
General
-
Target
2024-04-15_42d7bfca75240b2536e67b05f7c18966_mafia.exe
-
Size
412KB
-
MD5
42d7bfca75240b2536e67b05f7c18966
-
SHA1
8a2711e09d1feecdfdb3f9dd31761a5d2007bb78
-
SHA256
08babed5ad9b607f104e6d022790daa34aecd8f8b4905ddf9851ece3b67e7a2f
-
SHA512
ed94416227ae0292fc1bf5fa45be0eb44611e4d7bc7e6502458d64a8185d63ba7e9b79b394ce20ff8cf52ddc9b0139ac7995c4a2fc47c31563a7365a16594295
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnaTth1vok663q/x67AvIK2QzmWGHf9m+wP:U6PCrIc9kph5qtrok663i67EIMiIT
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-15_42d7bfca75240b2536e67b05f7c18966_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-15_42d7bfca75240b2536e67b05f7c18966_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\64EB.tmp"C:\Users\Admin\AppData\Local\Temp\64EB.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-15_42d7bfca75240b2536e67b05f7c18966_mafia.exe FD0BD19C8EBF70D4ADAD8A17735DABA61F9AEB161EFD3ED169B7097AC09CD89807373BFC1C869A76568605219CC851A8F6B787F6F15967E0E6725253A6FF58B52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5aca1694703c0044d345ded8bfd75bfad
SHA1e37d923ec6ae652fc74fb95e51dfef81270ba121
SHA256dc0724e07e4fc069a5faf8e8497cdd9fb2a7c9824898ead1d051e5b2b0d4e65a
SHA5125ed873bc3f32b263d80d40787529559b055e3362b1e41190f05130ba0a4376692bfff9b3832ce8d668c981fd2d285c5b78f9767006c5842c73ffcbfc28a12672