Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17/04/2024, 03:33
General
-
Target
2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe
-
Size
428KB
-
MD5
25fba4d104dc4bd40ee52da650f523b7
-
SHA1
b42e0fbded5d82f61e9e35c8129eaa6bc66f5d6c
-
SHA256
b731bfffaa861417c3c2b94fb227a766307a6b82f0b7ef2f2fc1c49582d18ac3
-
SHA512
4bdc47f82d09b873ff6856a2a7d2abb09008d05dc4e3447046c21af35728b08586c8def95452e5ca2d26bbca192d49f368fdfa83f7ed58b688902de9ea25510c
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr+Ts+yQcd9PuSod6Y3WS/Bntl:BL4tBekiuVr+Ts+ytPkbdBt
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\36DF.tmp"C:\Users\Admin\AppData\Local\Temp\36DF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-17_25fba4d104dc4bd40ee52da650f523b7_mafia.exe 16C006A030A8B3EBAFA36B36CD710129344C4D4D20841967B66E90C8A963407B7C4BC91FEAE7F7F957BCDB5D1EBB313E2A8DD109D266F64C3D430517EE3B6BEF2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5068c1a2fa013a5b2b975223ee563536b
SHA1b2d8eeea554ff2f66c2299f7027bf61a2f3581b8
SHA256f41085c6abc3cef2f280f1f36eb97dce94c8647efb26f648ffff9dee22e88f3d
SHA51287325193348e5539ddae08779909202d9a3cc414c4adc5caba8a70f1afb71e59bae996b94a4a9161f0cb79dc0e20d435befc29b74c64b4776d99312fbcfa6360