Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 18/04/2024, 12:26
Static task: static1

Behavioral task: behavioral1
- Sample: 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe
- Resource: win10v2004-20240412-en
General
- Target: 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe
- Size: 384KB
- MD5: 12810be911076e6a12a4b7fabc55c466
- SHA1: ba775278b298a2b4100715fef9359e034b8632dc
- SHA256: 4ce4304ce3f34ddd2cf911f0b0aff8e3eb0d6ec963d0fc7bc3c4187dccdb06cb
- SHA512: 60506e9ec57e147f1a6853bdb826f335f7e8f5196a29e8532820f9edbf0ed2ffd4b6fdb3b983c5836bb8ef72955981f98f60a69ea66451ff21f0d2812d823cf8
- SSDEEP: 6144:drxfv4co9ZL3GBGgjODxbf7hHJwdB7ntFGCsCbRbRKDx4uG7aZ:Zm48gODxbzfwj7nDGClbxRWWaZ
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 528, process CB0C.tmp
- Executes dropped EXE (1 IoCs)
  pid 528, process CB0C.tmp
- Loads dropped DLL (1 IoCs)
  pid 3048, process 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 3048 wrote to memory of 528 | 3048 | 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe | 28
  PID 3048 wrote to memory of 528 | 3048 | 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe | 28
  PID 3048 wrote to memory of 528 | 3048 | 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe | 28
  PID 3048 wrote to memory of 528 | 3048 | 2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 3048
   2. C:\Users\Admin\AppData\Local\Temp\CB0C.tmp (child of PID 3048)
      Command line: "C:\Users\Admin\AppData\Local\Temp\CB0C.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2024-04-18_12810be911076e6a12a4b7fabc55c466_mafia.exe EF60C3C64F35A57885E1594088FB7571FE45BA5437C314C50D17099134316B3B02A6141A41333D0204D6577CEF0E73E51F7E18FBA365665432FD54EFA21BE368
      - Deletes itself
      - Executes dropped EXE
      PID: 528
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 384KB
- MD5: 3c5fc1fb3822c14540e5600d99028bb1
- SHA1: 37b50bba275d80b3e7eaed52967d96ab01e4a78f
- SHA256: 921afe2f4843f9c4e71ba4982f4508ab227c57e342c813a8ed05b8778b1f7c25
- SHA512: 543d39db1979eb2a8fea38eea7bce41c86e647d351e6c106e0200fef17ae4da8b425d68426b2b71655fdd30a532e319afb15e1619cb24203a1317a628ba8476e