Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
17/04/2024, 03:33
General
-
Target
2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe
-
Size
428KB
-
MD5
25fba4d104dc4bd40ee52da650f523b7
-
SHA1
b42e0fbded5d82f61e9e35c8129eaa6bc66f5d6c
-
SHA256
b731bfffaa861417c3c2b94fb227a766307a6b82f0b7ef2f2fc1c49582d18ac3
-
SHA512
4bdc47f82d09b873ff6856a2a7d2abb09008d05dc4e3447046c21af35728b08586c8def95452e5ca2d26bbca192d49f368fdfa83f7ed58b688902de9ea25510c
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr+Ts+yQcd9PuSod6Y3WS/Bntl:BL4tBekiuVr+Ts+ytPkbdBt
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\FD9.tmp"C:\Users\Admin\AppData\Local\Temp\FD9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe 867CCAF15AE17C5B0AABBE1F71CB48E1FD4F5983649AE53B69A7B80F6A0818D57B56895D3629D70E069024604B901DE70106473B087B53F47C887C91521812BF2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD58dc851658fa00940a7d53f0bf6b6e86f
SHA1b407f28f91964206e4f420122f144c808e4ddf3a
SHA25685f38d2d1701c3179e7bd7973529698aa4cc54d50523907d4f76a2a13c0a40fe
SHA5126ebb3ff9cbaebc7d398574f984b8c8a5d8d7416b635ab965ab5e3f897da79fd921ed271794ae5339bf106adb1b7631aab664d901724d52ec7cc981d324bff29e