Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
18/04/2024, 22:25
General
-
Target
2024-04-18_6c312734af657e516a19ed945335548a_mafia.exe
-
Size
479KB
-
MD5
6c312734af657e516a19ed945335548a
-
SHA1
c4e179135b9fad51c8bbc6c93434620837366e07
-
SHA256
82cc042b7f25c2f7401c18340d7911f29a2208fb5731a5a25585a6947dfe98e3
-
SHA512
2d0a1d43b864692a642261830b185f7df031372e79070245c37d5b80d4fa9957e9991c8b01da071db7fe67697dd283d35ea0cd012a58aa3cd9725bc26e76fc6e
-
SSDEEP
6144:b9EyS4oMxIkjxcWqHtg88HARRJvP9VZ9raX3omshq6ZIhGoDxBYPcsMXbHb75UNY:bO4rfItL8HABvFteUq6ZuG0ey7b75UO
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-18_6c312734af657e516a19ed945335548a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-18_6c312734af657e516a19ed945335548a_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\C8E.tmp"C:\Users\Admin\AppData\Local\Temp\C8E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-18_6c312734af657e516a19ed945335548a_mafia.exe 66768AFC3F1AF77797FEF8CDC253CFE7F397F6F04BB626F5CEDEAF849E354AF089918DF76C3706E613475ADCE918A5B76523902C6165EF31DF6B7EEBA998FFEB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5d82bf414466b6c4cf4efb0a3228a0495
SHA13d30bd52e0d148c41140026ee90c22b4af07f174
SHA25651c25bbc1f2c66e6737005fcd89d36f36d43c85d67837daa31949315c53cc79d
SHA51239587899e0dc4b7fc5b3993b418d1aa73f3cfb685ab93af50e87664e1e3a63162b8b6556aeb1f65752cf89d50d149c4c663c1484ef8166f83e11c358b78c86e5