Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22/04/2024, 22:26
General
-
Target
2024-04-22_387b6d26132c390c5d67402805f49c0d_mafia.exe
-
Size
486KB
-
MD5
387b6d26132c390c5d67402805f49c0d
-
SHA1
cfa55b766caa485e7abcce6d428fca9e421a06a7
-
SHA256
583a7841b8999f1eda758cc12132dd31efd57fd2ccce9d3475d60f2c8e8d7cdb
-
SHA512
46c7203b04f20e53e3b3b29ce409b3857c3a0c3fb7307bc20a0da690755ee6eb95b60a9225de44641e03d68e9a676c58569d2d1219c5866ced70fb3e62dc884b
-
SSDEEP
12288:3O4rfItL8HPFmGx9OiWa9V7YP10pd/91MFxNDgt7rKxUYXhW:3O4rQtGPcsYiWanUP10X/91MBgt3KxUj
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-22_387b6d26132c390c5d67402805f49c0d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-22_387b6d26132c390c5d67402805f49c0d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\91D0.tmp"C:\Users\Admin\AppData\Local\Temp\91D0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-22_387b6d26132c390c5d67402805f49c0d_mafia.exe A11A8BC09537A1441C290F311EDB14DF3DB472812C4129BBAD4FF863ACF286E04CB4089D635BC7C151C0161822802535017AA8B61C515E8D9E5870983B3D2F9A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD59942d310c4e0d5f8e4be26bd6eb8cfb0
SHA1426c9a726f4ff56dad92ae6f4ac757d2c828ed7d
SHA2566f3a70731638276355f7e13fbfd5af6a74e5e5fb04f68b9f580e50b753d6d8f1
SHA5121cf964236bf33c86d76a1ff0e9f18ef483507a7ec9dc2e8a29f3631b1a46d4e460769cb0b072ab9735b760337a200b967db90e0cdc1ff36e5841b65636391371