Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
08/05/2024, 17:41
General
-
Target
2024-05-08_7cdad0577898b7348f20771ffa7058e4_mafia.exe
-
Size
411KB
-
MD5
7cdad0577898b7348f20771ffa7058e4
-
SHA1
91db22cf9e7e1eca81f4588afc8bca7476a7c37f
-
SHA256
29b04b3c2fac407f11bdd1575aa53568c4c0587c17a3c38011c8cdc8c03b8a33
-
SHA512
fcefe09262c573c3a1ae863eb0113d42c56f65c337b58d534c7119209529b8da8ce5097158ebd7cb92e31c7f899770238ea92a12a6ed9caf086d91b60ed7cdf3
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFgh+nlIAANQd/+OnWHFC08Cy+lerBYJFqHI:gZLolhNVyEunlHANW/7WHxLy+l2B2qHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-08_7cdad0577898b7348f20771ffa7058e4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-08_7cdad0577898b7348f20771ffa7058e4_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3478.tmp"C:\Users\Admin\AppData\Local\Temp\3478.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-05-08_7cdad0577898b7348f20771ffa7058e4_mafia.exe E153781620194337AF5859231D1AE9BD87812BAA6959A4D030F98FB9820E3B244E17B050EAB9896748EE9A73D7D1EBD9433BF6DDC9D962D7AF7B6FAE8407D6822⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD5fa01184d221e3baa731c4edcee2ddd36
SHA1c35cc50a90ef993469e230db73ee8968350fe411
SHA25690c5d600853c56ca8bbd92561d1efcc8a8ddcf67623ba775620643122a401456
SHA51279c4e2c57df893b0a031b5388995d701251e9ad67f6db5c4da6023d9c123f990d3a1bf5c2b0a9c4ff9e647e0d5e24069899c41414897ea3e0eb1a779cfabd1d8