Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
20/04/2024, 04:23
General
-
Target
2024-04-20_0d0108332fb0835a7ce2e95c76dd69b2_mafia.exe
-
Size
428KB
-
MD5
0d0108332fb0835a7ce2e95c76dd69b2
-
SHA1
2ec781035df82b53421cb9f7f476a3cb8b39b1a4
-
SHA256
41a56f0bb6a21e2f3d70757b378317f2d250c9f4ccb127aa029518dde17ee36f
-
SHA512
bc9bbac060f9da19dc762b684fc66537ebc61d52933c1c1fc242f4bd3406dee04c5afa10ef374420acfaad683bc13a49a16c89d2f5641a203a033886930affb9
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr5YoIE1lRPxRto1QL0DOKeuF8l:BL4tBekiuVrSo/nP3tD3K8
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-20_0d0108332fb0835a7ce2e95c76dd69b2_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-20_0d0108332fb0835a7ce2e95c76dd69b2_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\36EE.tmp"C:\Users\Admin\AppData\Local\Temp\36EE.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-20_0d0108332fb0835a7ce2e95c76dd69b2_mafia.exe 68C59BE9D652E2A24F45D0B8187B512B311E9804472C1BF70AABF0D57431A4F371FE6C8B8B666429C9B40372AD52A688B16DA7C53992030C214D241F8A620B1E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD59de3b8f875726118a0a536ff0c1b253b
SHA147fe6ccea6b3a966c8eb22ebf31136be24b5e810
SHA2563391d6a1974535b4c237a8cdb3caf500c93ae112cf804ffe6414531fd9d61ab4
SHA51294342083d5725e61e3fe6ddf2f09737cae0101cad977da47f5fddb363d882a6f33f630ab98d6b0e11133774f4b295eb263bcc00440c0a387306493d75dd3dc9f