Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
03/05/2024, 10:28
General
-
Target
2024-05-03_9ae84d551cc863e308b6724107d9b2ec_mafia.exe
-
Size
428KB
-
MD5
9ae84d551cc863e308b6724107d9b2ec
-
SHA1
7ac03f3c8ea343df8fd0a9fbe35d2f2e4f1d9d2f
-
SHA256
5f42ce6f0197244ed7e8c4260821a4704dc2fde88e6d4fe03cb9ff744e4b9c0f
-
SHA512
d971b40028e9de4d22f2cd08af01c451c4bf423119b9ade1a0c03d75c0ed1795b7071390f9d529a7f7c359af4afb0fac9d9351c3276bc4ea7214aa7648586746
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr7F9nKItKg5LXlzvswl:BL4tBekiuVr7blKg5L1Yw
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-03_9ae84d551cc863e308b6724107d9b2ec_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-03_9ae84d551cc863e308b6724107d9b2ec_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3D8.tmp"C:\Users\Admin\AppData\Local\Temp\3D8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-05-03_9ae84d551cc863e308b6724107d9b2ec_mafia.exe A020D63E08DB5606F41F8F3AFE99FE7AC428ABDE8236CE0A40BC4AE3461ADAB60A02D5C0A113857736098C2A76B2E7BD46AC9FEE05683F963972183B5512851E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD51eaf283f909d92d39e9309e47dc83f55
SHA1856834a4d89e56d202ebbbe5ae2886d304e80bec
SHA25649c7c621a84a5f9e992af7c00e589d5a3c56ba7fdeee4cfb98ac153a180ccf6a
SHA512de49721b5501d22fed92b7def7d97ce1f0d4edff45deec9d55ef355f4328a4304866e8b29fb94aeaf0d23fda3a492f7b57b9fd0236ee0fc8a0d55e2b6f3f2652