Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
20/04/2024, 21:33
General
-
Target
2024-04-20_81f6cf83fa3744176c46bb1e93194391_mafia.exe
-
Size
411KB
-
MD5
81f6cf83fa3744176c46bb1e93194391
-
SHA1
8373b68e1a2b1a805b6de1da7213cbf77a1f8252
-
SHA256
04da44ecd8b37b1fc4ecfe49b4afa8f1be5efcf69f3d0fbb0c6468bfba50a911
-
SHA512
91953e09a0199f680317de8b1ce45e7e93b43cd93dd456723c8039f87ca9fa00fc76d7055ec352f9a081c59a2ecfa760f7b6e2699101215184075fa118982626
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFyd+EXJcW19qieTYiDwpzHqHI:gZLolhNVyEplZcuYie8iDwpzqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-20_81f6cf83fa3744176c46bb1e93194391_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-20_81f6cf83fa3744176c46bb1e93194391_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\11BC.tmp"C:\Users\Admin\AppData\Local\Temp\11BC.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-20_81f6cf83fa3744176c46bb1e93194391_mafia.exe 94F2563ECCC1579322DA6477C69E701020F7AEC1C0250888CAEC4BF1714AC389845C02FFC5C246E00F4259B4BB264A1260D7AA46F9165C4A2252E779416465572⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD5a16a8f51ce6ced6672027c4309799489
SHA18e4259b3303e9ccafb7ad4496c287acc201602dd
SHA256815749e7c0a3e148ec4c407e102feb99ec62ac32d03cafbb41b010135eefcf6d
SHA512edcecda6eb43e658b2dcee534ffa25054e1137a817d797782e329b6c8cf5e1437c5786b5673e1887598d97885c13793debf37b9f5a468d26fa1e481ecb42f032