Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
25/04/2024, 17:34
General
-
Target
2024-04-25_aea79abbf1322d44a36e5620dbca9e61_mafia.exe
-
Size
486KB
-
MD5
aea79abbf1322d44a36e5620dbca9e61
-
SHA1
13ea4858ac10857bbfbf0529ca035463f83be7d9
-
SHA256
f383c32c3eca1206f0080757bcb009524ab7148fcb23cbb2659025ba57caca21
-
SHA512
bffa77f96f3cf180167927640f5c85980cc990e0f4113d37fb94ddf0927eb92f9ae1ab3004f455b4a5356a0b48108c0079c60e8fb7b2e0e5c6d25dcde6b22c7b
-
SSDEEP
12288:UU5rCOTeiDk157cEVR0JBoR44Of/ol6RXdMUNZ:UUQOJDk7rLOgQN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_aea79abbf1322d44a36e5620dbca9e61_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-25_aea79abbf1322d44a36e5620dbca9e61_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2093.tmp"C:\Users\Admin\AppData\Local\Temp\2093.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\220A.tmp"C:\Users\Admin\AppData\Local\Temp\220A.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\22C5.tmp"C:\Users\Admin\AppData\Local\Temp\22C5.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\23B0.tmp"C:\Users\Admin\AppData\Local\Temp\23B0.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\245C.tmp"C:\Users\Admin\AppData\Local\Temp\245C.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\25A4.tmp"C:\Users\Admin\AppData\Local\Temp\25A4.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\266F.tmp"C:\Users\Admin\AppData\Local\Temp\266F.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2759.tmp"C:\Users\Admin\AppData\Local\Temp\2759.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2853.tmp"C:\Users\Admin\AppData\Local\Temp\2853.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\293E.tmp"C:\Users\Admin\AppData\Local\Temp\293E.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2A09.tmp"C:\Users\Admin\AppData\Local\Temp\2A09.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2B03.tmp"C:\Users\Admin\AppData\Local\Temp\2B03.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2B9F.tmp"C:\Users\Admin\AppData\Local\Temp\2B9F.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2CD7.tmp"C:\Users\Admin\AppData\Local\Temp\2CD7.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2DD1.tmp"C:\Users\Admin\AppData\Local\Temp\2DD1.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2E5E.tmp"C:\Users\Admin\AppData\Local\Temp\2E5E.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2F58.tmp"C:\Users\Admin\AppData\Local\Temp\2F58.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3052.tmp"C:\Users\Admin\AppData\Local\Temp\3052.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\312D.tmp"C:\Users\Admin\AppData\Local\Temp\312D.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\31C9.tmp"C:\Users\Admin\AppData\Local\Temp\31C9.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3285.tmp"C:\Users\Admin\AppData\Local\Temp\3285.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3350.tmp"C:\Users\Admin\AppData\Local\Temp\3350.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\341B.tmp"C:\Users\Admin\AppData\Local\Temp\341B.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3488.tmp"C:\Users\Admin\AppData\Local\Temp\3488.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3544.tmp"C:\Users\Admin\AppData\Local\Temp\3544.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\362E.tmp"C:\Users\Admin\AppData\Local\Temp\362E.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\36EA.tmp"C:\Users\Admin\AppData\Local\Temp\36EA.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\37C4.tmp"C:\Users\Admin\AppData\Local\Temp\37C4.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\396A.tmp"C:\Users\Admin\AppData\Local\Temp\396A.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3A55.tmp"C:\Users\Admin\AppData\Local\Temp\3A55.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3B10.tmp"C:\Users\Admin\AppData\Local\Temp\3B10.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3BAC.tmp"C:\Users\Admin\AppData\Local\Temp\3BAC.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3C68.tmp"C:\Users\Admin\AppData\Local\Temp\3C68.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3D62.tmp"C:\Users\Admin\AppData\Local\Temp\3D62.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3DFE.tmp"C:\Users\Admin\AppData\Local\Temp\3DFE.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3EAA.tmp"C:\Users\Admin\AppData\Local\Temp\3EAA.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3F17.tmp"C:\Users\Admin\AppData\Local\Temp\3F17.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3FC3.tmp"C:\Users\Admin\AppData\Local\Temp\3FC3.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4040.tmp"C:\Users\Admin\AppData\Local\Temp\4040.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\40BD.tmp"C:\Users\Admin\AppData\Local\Temp\40BD.tmp"41⤵
-
C:\Users\Admin\AppData\Local\Temp\413A.tmp"C:\Users\Admin\AppData\Local\Temp\413A.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\41A8.tmp"C:\Users\Admin\AppData\Local\Temp\41A8.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4234.tmp"C:\Users\Admin\AppData\Local\Temp\4234.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\42A2.tmp"C:\Users\Admin\AppData\Local\Temp\42A2.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\432E.tmp"C:\Users\Admin\AppData\Local\Temp\432E.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\438C.tmp"C:\Users\Admin\AppData\Local\Temp\438C.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4409.tmp"C:\Users\Admin\AppData\Local\Temp\4409.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4486.tmp"C:\Users\Admin\AppData\Local\Temp\4486.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4503.tmp"C:\Users\Admin\AppData\Local\Temp\4503.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\459F.tmp"C:\Users\Admin\AppData\Local\Temp\459F.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\460D.tmp"C:\Users\Admin\AppData\Local\Temp\460D.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4699.tmp"C:\Users\Admin\AppData\Local\Temp\4699.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4726.tmp"C:\Users\Admin\AppData\Local\Temp\4726.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\47D2.tmp"C:\Users\Admin\AppData\Local\Temp\47D2.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\486E.tmp"C:\Users\Admin\AppData\Local\Temp\486E.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\48EB.tmp"C:\Users\Admin\AppData\Local\Temp\48EB.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4987.tmp"C:\Users\Admin\AppData\Local\Temp\4987.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4A14.tmp"C:\Users\Admin\AppData\Local\Temp\4A14.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4AA0.tmp"C:\Users\Admin\AppData\Local\Temp\4AA0.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4B3D.tmp"C:\Users\Admin\AppData\Local\Temp\4B3D.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4BD9.tmp"C:\Users\Admin\AppData\Local\Temp\4BD9.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4C85.tmp"C:\Users\Admin\AppData\Local\Temp\4C85.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4D11.tmp"C:\Users\Admin\AppData\Local\Temp\4D11.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4D8E.tmp"C:\Users\Admin\AppData\Local\Temp\4D8E.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4E0B.tmp"C:\Users\Admin\AppData\Local\Temp\4E0B.tmp"66⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4E88.tmp"C:\Users\Admin\AppData\Local\Temp\4E88.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\4F05.tmp"C:\Users\Admin\AppData\Local\Temp\4F05.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\4F82.tmp"C:\Users\Admin\AppData\Local\Temp\4F82.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\500F.tmp"C:\Users\Admin\AppData\Local\Temp\500F.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\509C.tmp"C:\Users\Admin\AppData\Local\Temp\509C.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\5128.tmp"C:\Users\Admin\AppData\Local\Temp\5128.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\51B5.tmp"C:\Users\Admin\AppData\Local\Temp\51B5.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\5242.tmp"C:\Users\Admin\AppData\Local\Temp\5242.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\52DE.tmp"C:\Users\Admin\AppData\Local\Temp\52DE.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\536A.tmp"C:\Users\Admin\AppData\Local\Temp\536A.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\53E7.tmp"C:\Users\Admin\AppData\Local\Temp\53E7.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\5464.tmp"C:\Users\Admin\AppData\Local\Temp\5464.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\5501.tmp"C:\Users\Admin\AppData\Local\Temp\5501.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\557E.tmp"C:\Users\Admin\AppData\Local\Temp\557E.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\562A.tmp"C:\Users\Admin\AppData\Local\Temp\562A.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\56C6.tmp"C:\Users\Admin\AppData\Local\Temp\56C6.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\5772.tmp"C:\Users\Admin\AppData\Local\Temp\5772.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\57DF.tmp"C:\Users\Admin\AppData\Local\Temp\57DF.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\585C.tmp"C:\Users\Admin\AppData\Local\Temp\585C.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\58C9.tmp"C:\Users\Admin\AppData\Local\Temp\58C9.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\5966.tmp"C:\Users\Admin\AppData\Local\Temp\5966.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\59E3.tmp"C:\Users\Admin\AppData\Local\Temp\59E3.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\5A7F.tmp"C:\Users\Admin\AppData\Local\Temp\5A7F.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\5B1B.tmp"C:\Users\Admin\AppData\Local\Temp\5B1B.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\5B98.tmp"C:\Users\Admin\AppData\Local\Temp\5B98.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\5C15.tmp"C:\Users\Admin\AppData\Local\Temp\5C15.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\5CC1.tmp"C:\Users\Admin\AppData\Local\Temp\5CC1.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\5D4E.tmp"C:\Users\Admin\AppData\Local\Temp\5D4E.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\5DCB.tmp"C:\Users\Admin\AppData\Local\Temp\5DCB.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\5E48.tmp"C:\Users\Admin\AppData\Local\Temp\5E48.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\5ED4.tmp"C:\Users\Admin\AppData\Local\Temp\5ED4.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\5F42.tmp"C:\Users\Admin\AppData\Local\Temp\5F42.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\5FDE.tmp"C:\Users\Admin\AppData\Local\Temp\5FDE.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\606B.tmp"C:\Users\Admin\AppData\Local\Temp\606B.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\60F7.tmp"C:\Users\Admin\AppData\Local\Temp\60F7.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\6174.tmp"C:\Users\Admin\AppData\Local\Temp\6174.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\61E2.tmp"C:\Users\Admin\AppData\Local\Temp\61E2.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\627E.tmp"C:\Users\Admin\AppData\Local\Temp\627E.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\630A.tmp"C:\Users\Admin\AppData\Local\Temp\630A.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\6387.tmp"C:\Users\Admin\AppData\Local\Temp\6387.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\6414.tmp"C:\Users\Admin\AppData\Local\Temp\6414.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\6491.tmp"C:\Users\Admin\AppData\Local\Temp\6491.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\651E.tmp"C:\Users\Admin\AppData\Local\Temp\651E.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\65AA.tmp"C:\Users\Admin\AppData\Local\Temp\65AA.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\6627.tmp"C:\Users\Admin\AppData\Local\Temp\6627.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\6695.tmp"C:\Users\Admin\AppData\Local\Temp\6695.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\6712.tmp"C:\Users\Admin\AppData\Local\Temp\6712.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\677F.tmp"C:\Users\Admin\AppData\Local\Temp\677F.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\680C.tmp"C:\Users\Admin\AppData\Local\Temp\680C.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\6889.tmp"C:\Users\Admin\AppData\Local\Temp\6889.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\6906.tmp"C:\Users\Admin\AppData\Local\Temp\6906.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\69A2.tmp"C:\Users\Admin\AppData\Local\Temp\69A2.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\6A0F.tmp"C:\Users\Admin\AppData\Local\Temp\6A0F.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\6A9C.tmp"C:\Users\Admin\AppData\Local\Temp\6A9C.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\6B19.tmp"C:\Users\Admin\AppData\Local\Temp\6B19.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-