Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27/04/2024, 03:29
General
-
Target
2024-04-27_736bb4d74ec1166f23e66c3b9723affa_mafia.exe
-
Size
428KB
-
MD5
736bb4d74ec1166f23e66c3b9723affa
-
SHA1
692d30a630c8849eead4a30294944bf21a43b008
-
SHA256
964ebbd913bc7432714f72b5f7187f42f30f30d118f0e1441dce705fbdba3387
-
SHA512
9b693c9539006257b2d1544ce60704bcb72a2cbbaac206837fce155dc337ae657a405f9fde573a1f564cc2cd9c62f29c4b37228758d44e0a9561ea0e59954b1d
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr4wbaH0gC0x26HVePekidl:BL4tBekiuVr4/H0gLx2Coid
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_736bb4d74ec1166f23e66c3b9723affa_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-27_736bb4d74ec1166f23e66c3b9723affa_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DF5.tmp"C:\Users\Admin\AppData\Local\Temp\DF5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-27_736bb4d74ec1166f23e66c3b9723affa_mafia.exe 7059C08E5772981594D3361D6C301CEA78979FB707274E81080F9E12EE3771E8EEE8AD0CE37F3F2226433861E3B9F295BB6C4823A35D99C6F617EEDE46142E222⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5b24ad93491bddc090af36fc55d04ecf7
SHA1eadd73eed362c75324d825efd4c5e05df40bb7d0
SHA25607ef1b300d22e89b13b72065e15b36c29c338ca095c8f32ee4288260de0266c4
SHA512fe0b003d440af07261734f07c410305c792db23c02bff816a3fc10fb7fd130700e9f66cf396730b81036a35c9f545e661e3c0ef1243d38f298ab965e61b40a00