Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 20:53
General
-
Target
2024-05-16_be2f8bada2175d4a1d4f3df70bbf93a2_mafia.exe
-
Size
526KB
-
MD5
be2f8bada2175d4a1d4f3df70bbf93a2
-
SHA1
75e7d5de26301d0c8534afc9aa4fe6ced76d32cc
-
SHA256
b025383f48719ec12b83487f1fc81dc2a79be86c9017ebf7b5d20695351aef8b
-
SHA512
1c36afd155e3ad01344c09525d670a43d702d882e879bf4ca3b741973033f9639f34c415125f34e3c676ab05e3b8426d32c11742691900ab0326fbd52487ac5d
-
SSDEEP
12288:z6PCrIc9kph57Qi/0Md4dxsG52b/IoHPoz6Rkz:z6QIcOh5Ei7OB52b/BHi/
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-16_be2f8bada2175d4a1d4f3df70bbf93a2_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-16_be2f8bada2175d4a1d4f3df70bbf93a2_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4F39.tmp"C:\Users\Admin\AppData\Local\Temp\4F39.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-05-16_be2f8bada2175d4a1d4f3df70bbf93a2_mafia.exe 81804388FDE239404EB06DC178CC7F160FE05505D4F4E54032F8D912E9E68CAF9C7B4EA9C15C6BAFEE189D7384EEF513E9FCFCEF8E87205C2AC3F9F1B729FFE52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
526KB
MD57028ea5bef8735bd8b688bdf7f9f9bf2
SHA1342362cbe31f7d14ea1a984fd0c4bc84b7e9b04b
SHA256c9d16e44c960ed71e2bd374c6a1282109acfc6afdf3e59120ab3b565ca5b1fc7
SHA51225a8c3e07693306dff6153328a90c123aed61c5a36b09b1662d0838499dc6da9ec8b9f4008279e78c7387f85aee64313e35ef266aae02fa050311817bc2eb403