Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
25/04/2024, 00:09
General
-
Target
2024-04-24_f86768d03d3745d535709ee4a41bc61c_mafia.exe
-
Size
476KB
-
MD5
f86768d03d3745d535709ee4a41bc61c
-
SHA1
e49f8d440e6b228af383f29de1823b5ba863101c
-
SHA256
f35fc17e972cfcf1c8ac25949a4d7aa7425f1dc3a49268bfa073bff6bd9a6eb4
-
SHA512
84d836295ed7e776fea3d10e591d4666a5f15f91904e5d77fdffc2bcf858b70031a66fc03e36e5c63ed4e1ab15d129e70be8014a58790d0b69f87c42a7fdf108
-
SSDEEP
12288:aO4rfItL8HR0jAV42yLi+VeVsvVhuZdAeRz7K9wlsDpVFd:aO4rQtGR942WeVsvV+z+9wlsDpVFd
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-24_f86768d03d3745d535709ee4a41bc61c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-24_f86768d03d3745d535709ee4a41bc61c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\C738.tmp"C:\Users\Admin\AppData\Local\Temp\C738.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-24_f86768d03d3745d535709ee4a41bc61c_mafia.exe 45B3D8C1A2636247ED72B1B1918E68F6F69AB3BE7583E24356AC46F6F8E6DD44DC0C992B2E236BD486C5C3C58A33CF97B2C3FC7227D6E686EE662844FF13D24C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD530bfeb7033f179a9312fd0bc2594e7fc
SHA16258e308435709ff108efa83aceac7fe2df1b497
SHA25625a758f7390e7fc6ca0e32c46c3e1be3195a23d0d564d5141949e9748f402996
SHA512b8a446d4d11ededa285933352c21d118d398c423d642f9b4ba8a9417da9f7fe1302ed2096631dd7b93a9800bd3d022d367cae1041c7b4e6e3f969361d9c989f5