Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17/04/2024, 15:29
General
-
Target
2024-04-17_35c79a727e33363b023a84a210cf33e8_mafia.exe
-
Size
411KB
-
MD5
35c79a727e33363b023a84a210cf33e8
-
SHA1
d61819c91bb06d3ea38b7802ec5da4068bd7b46d
-
SHA256
d2e8e9529cfbd5d3164a6617d3b85e94dc45a65f708f878a01baba889362540e
-
SHA512
828208a9a5e9e2de27725e1084768d71073bf4d1452687e8a64e4345e9bf3a1a0251c8959ad5446aadb437b23900c1d42afb0c2e965d1035b7921e026cba5072
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFaZ6SB5cyi4+vZnVL3JhuFqH:gZLolhNVyEvB5cyizvjZhaqH
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_35c79a727e33363b023a84a210cf33e8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-17_35c79a727e33363b023a84a210cf33e8_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6012.tmp"C:\Users\Admin\AppData\Local\Temp\6012.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-17_35c79a727e33363b023a84a210cf33e8_mafia.exe DCD4B8F20B8B0D933DB76A654FCC39AABB454394940EF54F5455BEAED8778982FBC42608CB739F3FFDD77447F3C5127A63427F03AB9DBC03F6FCEEE7831E889A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD59ed295a13c746ce0662adec0dc075234
SHA17fc167dd98578e9eea75a32af19cdd92ad10cefb
SHA256f2e403a5ca38a4ee04a085d9660b65dbc75da68005f81cbe4e125e087874e690
SHA5123d074cf0b0a336ef9f9bfde30943769dab71830916a47527dd9961530fccd7576fe415fe2f0bde57b58ae13dc1085ec26a16b5540e9785b0af97dc785f5afaf7