Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/04/2024, 07:44
General
-
Target
2024-04-18_7aa13040979e689429fdaf04f710e0ea_mafia.exe
-
Size
412KB
-
MD5
7aa13040979e689429fdaf04f710e0ea
-
SHA1
c56756c9b5582a8630a6e938fd3514d3d57d40a3
-
SHA256
a6a8072e55eadfaf592f4034ac0f1abfaf29bb233848fe82330bb8e50821ab51
-
SHA512
b96a59014f5c4a867aabf961918c26e6740ea9253ad039895da64aabb9b3a62686f4131fa36d950bc1ec8e749444cfaa00c8324ae665f5b94eaf2adc681b98b9
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZngIBYoOC9Y7ei12Un6g211o6UZLGhfLVtoP:U6PCrIc9kph5SuYoTWF18g216d
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-18_7aa13040979e689429fdaf04f710e0ea_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-18_7aa13040979e689429fdaf04f710e0ea_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\690F.tmp"C:\Users\Admin\AppData\Local\Temp\690F.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-18_7aa13040979e689429fdaf04f710e0ea_mafia.exe CFE1A38BB08A72F4725F8286BA6443B1458C2CBACCA379044C24E245711C302196714A2F6C4BBBE52D24720D25BD2355FA39A163E74CA150396A8A79B1A49C822⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD52578d2a8a54772dec35d79a6389ea65e
SHA1d3d78f29ea878bbacf65fb41d387c338d4227799
SHA2562d0f660752745130241498ad9ed487870431d2366ff8b0a483c25c0ab7e9f205
SHA5125a1de5bd3ae076afa512f3bb1e66dad5192cb3fb420f93e3c751e320f0bb55f6664957240a8f99d1f16fa0c4398c8488d5153918f238ea56f2f9d26f1b73a181