Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19/04/2024, 08:28
General
-
Target
2024-04-19_6c7f7a4e2a52819d018dfb04acd04ec3_mafia.exe
-
Size
479KB
-
MD5
6c7f7a4e2a52819d018dfb04acd04ec3
-
SHA1
d7ad0f2f1666a7b9dc4832abc2f1b3c3a4760578
-
SHA256
cabbd281f9cd7e906caec895c9516823349cabc97e2e5b81ae56d1917a261df4
-
SHA512
6e098ea30e7953c0919d94a5e582f6777b4cc3200f338be72dfb857cf7aea5332bb0c89975f691c47a5738749bd2d46db422c12c1444840824a4accf4969f7c8
-
SSDEEP
12288:bO4rfItL8HA4fYlJRWirHGJS+3goz75UO:bO4rQtGA4fxKmcozVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-19_6c7f7a4e2a52819d018dfb04acd04ec3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-19_6c7f7a4e2a52819d018dfb04acd04ec3_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EC0.tmp"C:\Users\Admin\AppData\Local\Temp\EC0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-19_6c7f7a4e2a52819d018dfb04acd04ec3_mafia.exe F802C21C9E3AFE44024619EE830A2000CD86C14113D1FD12C8846C47EDBAFAAB3A002B1EB7464385B52C21399D62A2289247B0C5E15BF46FBA440B05FD9BE5BE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5b1b5c593425aac1bf9ce14506dc2cd6d
SHA1192df9e578856f4ceca6a9a90e412f0c56c91064
SHA256e49cb52e13f4b0c4a7f2c6c86c82c2dbbfbab7c6c60ccf2fe8da77e714d3e263
SHA512794745e0f786c76142a6b10e2486dde3836ea10b8e78b48f669e8a3458b242c3433c44b43a5f27d766dff0768c0dba35185d6186e33ea8e581f2187eef896e60