Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21/04/2024, 01:30
General
-
Target
2024-04-21_e69073629899d7c356fc22a26dc7f055_mafia.exe
-
Size
384KB
-
MD5
e69073629899d7c356fc22a26dc7f055
-
SHA1
56623d26db5d93df2178a3fac2e34cba71b79d00
-
SHA256
ab97645a99f2d05b95483c67bead813da87303dc81a86eadc988688ed6cf70bd
-
SHA512
50b2bd3d453169be762a809de470f19b812dd55a4e4e0c70f4f4b5f2c1a25d43da39c1fd85cc484e3cd943202840687aa1436060faaf3138fe8220f66e088436
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHDJ7N1bxX0uQMdg0/a72x4ry+g28qCACNHuhZ:Zm48gODxbzrPlKMdtaCD+g28quNHuZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-21_e69073629899d7c356fc22a26dc7f055_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-21_e69073629899d7c356fc22a26dc7f055_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\81CD.tmp"C:\Users\Admin\AppData\Local\Temp\81CD.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-21_e69073629899d7c356fc22a26dc7f055_mafia.exe DA4E902A3AC6A8D0BA27F95225AD9CC5AA007831DF1CE33E1C97FF6E516AAAE2A2B21231FD75332B56289D0BC70434E85C1E3984E240F66E7DCF248FC7DE774B2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD54701acfde5b624b161e5882750288e21
SHA1ab0e9118c89d6b0a433dcc4f769999689096ebb5
SHA256571cb49d12696dd3c4a4468ea1c83a5ee1939ba5be1708e342f998cc54c27ef2
SHA5120e88921a47a6ab998bdce42b1fedbf5be6c5df431fa7f00879ae937dcc70ef8f9fbd4f96c3fd01b95ac18d6a72a1258a3456d556eb21db175daa757cf86a23d4