Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
29/05/2024, 01:04
General
-
Target
2024-05-29_89dba48782b4a009a6c24fbb227cb22c_mafia.exe
-
Size
520KB
-
MD5
89dba48782b4a009a6c24fbb227cb22c
-
SHA1
7f727e89b0da6a6cb24a7fbf910d27107eb15922
-
SHA256
5e845b35271b2f8d541f50f44d654f451e170ffdb05c25705a082b34fd24636d
-
SHA512
cf3b340ed53f55c25ce287d4dcf872d2446a5e5c2113f89bbd745c1e4ee106abbe87a3f5cbfe49cdae7097a480b4d361601d30f7f9953b51ea2231e6f440b9c7
-
SSDEEP
12288:roRXOQjmOy7chz8KKCFLOJk9Wx9NSag6brj1vdPh8qNZ:rogQ9yGd3XQx9vbf1vdP+qN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-29_89dba48782b4a009a6c24fbb227cb22c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-29_89dba48782b4a009a6c24fbb227cb22c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4391.tmp"C:\Users\Admin\AppData\Local\Temp\4391.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\442D.tmp"C:\Users\Admin\AppData\Local\Temp\442D.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\44D9.tmp"C:\Users\Admin\AppData\Local\Temp\44D9.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4556.tmp"C:\Users\Admin\AppData\Local\Temp\4556.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4611.tmp"C:\Users\Admin\AppData\Local\Temp\4611.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\467F.tmp"C:\Users\Admin\AppData\Local\Temp\467F.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4873.tmp"C:\Users\Admin\AppData\Local\Temp\4873.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\491F.tmp"C:\Users\Admin\AppData\Local\Temp\491F.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\49AB.tmp"C:\Users\Admin\AppData\Local\Temp\49AB.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A28.tmp"C:\Users\Admin\AppData\Local\Temp\4A28.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4AC4.tmp"C:\Users\Admin\AppData\Local\Temp\4AC4.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B41.tmp"C:\Users\Admin\AppData\Local\Temp\4B41.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4BBE.tmp"C:\Users\Admin\AppData\Local\Temp\4BBE.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C1C.tmp"C:\Users\Admin\AppData\Local\Temp\4C1C.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4CA9.tmp"C:\Users\Admin\AppData\Local\Temp\4CA9.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D16.tmp"C:\Users\Admin\AppData\Local\Temp\4D16.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D93.tmp"C:\Users\Admin\AppData\Local\Temp\4D93.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4E3F.tmp"C:\Users\Admin\AppData\Local\Temp\4E3F.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4EDB.tmp"C:\Users\Admin\AppData\Local\Temp\4EDB.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4F58.tmp"C:\Users\Admin\AppData\Local\Temp\4F58.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4FC6.tmp"C:\Users\Admin\AppData\Local\Temp\4FC6.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5023.tmp"C:\Users\Admin\AppData\Local\Temp\5023.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\50B0.tmp"C:\Users\Admin\AppData\Local\Temp\50B0.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\515C.tmp"C:\Users\Admin\AppData\Local\Temp\515C.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\51F8.tmp"C:\Users\Admin\AppData\Local\Temp\51F8.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5285.tmp"C:\Users\Admin\AppData\Local\Temp\5285.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\52F2.tmp"C:\Users\Admin\AppData\Local\Temp\52F2.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5350.tmp"C:\Users\Admin\AppData\Local\Temp\5350.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\53EC.tmp"C:\Users\Admin\AppData\Local\Temp\53EC.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5488.tmp"C:\Users\Admin\AppData\Local\Temp\5488.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\54D7.tmp"C:\Users\Admin\AppData\Local\Temp\54D7.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5534.tmp"C:\Users\Admin\AppData\Local\Temp\5534.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\55B1.tmp"C:\Users\Admin\AppData\Local\Temp\55B1.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\560F.tmp"C:\Users\Admin\AppData\Local\Temp\560F.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\566D.tmp"C:\Users\Admin\AppData\Local\Temp\566D.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\56BB.tmp"C:\Users\Admin\AppData\Local\Temp\56BB.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5719.tmp"C:\Users\Admin\AppData\Local\Temp\5719.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5776.tmp"C:\Users\Admin\AppData\Local\Temp\5776.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\57D4.tmp"C:\Users\Admin\AppData\Local\Temp\57D4.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5822.tmp"C:\Users\Admin\AppData\Local\Temp\5822.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5880.tmp"C:\Users\Admin\AppData\Local\Temp\5880.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\58CE.tmp"C:\Users\Admin\AppData\Local\Temp\58CE.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\592C.tmp"C:\Users\Admin\AppData\Local\Temp\592C.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\597A.tmp"C:\Users\Admin\AppData\Local\Temp\597A.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\59D8.tmp"C:\Users\Admin\AppData\Local\Temp\59D8.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5A36.tmp"C:\Users\Admin\AppData\Local\Temp\5A36.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5A84.tmp"C:\Users\Admin\AppData\Local\Temp\5A84.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5AE1.tmp"C:\Users\Admin\AppData\Local\Temp\5AE1.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B30.tmp"C:\Users\Admin\AppData\Local\Temp\5B30.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B7E.tmp"C:\Users\Admin\AppData\Local\Temp\5B7E.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5BDB.tmp"C:\Users\Admin\AppData\Local\Temp\5BDB.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C39.tmp"C:\Users\Admin\AppData\Local\Temp\5C39.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C87.tmp"C:\Users\Admin\AppData\Local\Temp\5C87.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5CE5.tmp"C:\Users\Admin\AppData\Local\Temp\5CE5.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5D43.tmp"C:\Users\Admin\AppData\Local\Temp\5D43.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5DA1.tmp"C:\Users\Admin\AppData\Local\Temp\5DA1.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5DFE.tmp"C:\Users\Admin\AppData\Local\Temp\5DFE.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5E4C.tmp"C:\Users\Admin\AppData\Local\Temp\5E4C.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5EBA.tmp"C:\Users\Admin\AppData\Local\Temp\5EBA.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5F18.tmp"C:\Users\Admin\AppData\Local\Temp\5F18.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5F66.tmp"C:\Users\Admin\AppData\Local\Temp\5F66.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5FC3.tmp"C:\Users\Admin\AppData\Local\Temp\5FC3.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6031.tmp"C:\Users\Admin\AppData\Local\Temp\6031.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\608F.tmp"C:\Users\Admin\AppData\Local\Temp\608F.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\60DD.tmp"C:\Users\Admin\AppData\Local\Temp\60DD.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\614A.tmp"C:\Users\Admin\AppData\Local\Temp\614A.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\61B7.tmp"C:\Users\Admin\AppData\Local\Temp\61B7.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\6215.tmp"C:\Users\Admin\AppData\Local\Temp\6215.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\6283.tmp"C:\Users\Admin\AppData\Local\Temp\6283.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\62E0.tmp"C:\Users\Admin\AppData\Local\Temp\62E0.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\632E.tmp"C:\Users\Admin\AppData\Local\Temp\632E.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\638C.tmp"C:\Users\Admin\AppData\Local\Temp\638C.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\63FA.tmp"C:\Users\Admin\AppData\Local\Temp\63FA.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\6467.tmp"C:\Users\Admin\AppData\Local\Temp\6467.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\64C5.tmp"C:\Users\Admin\AppData\Local\Temp\64C5.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\6522.tmp"C:\Users\Admin\AppData\Local\Temp\6522.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\6580.tmp"C:\Users\Admin\AppData\Local\Temp\6580.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\65EE.tmp"C:\Users\Admin\AppData\Local\Temp\65EE.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\665B.tmp"C:\Users\Admin\AppData\Local\Temp\665B.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\66B9.tmp"C:\Users\Admin\AppData\Local\Temp\66B9.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\6726.tmp"C:\Users\Admin\AppData\Local\Temp\6726.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\6784.tmp"C:\Users\Admin\AppData\Local\Temp\6784.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\67F1.tmp"C:\Users\Admin\AppData\Local\Temp\67F1.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\683F.tmp"C:\Users\Admin\AppData\Local\Temp\683F.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\68AD.tmp"C:\Users\Admin\AppData\Local\Temp\68AD.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\690A.tmp"C:\Users\Admin\AppData\Local\Temp\690A.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\6978.tmp"C:\Users\Admin\AppData\Local\Temp\6978.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\69E5.tmp"C:\Users\Admin\AppData\Local\Temp\69E5.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\6A33.tmp"C:\Users\Admin\AppData\Local\Temp\6A33.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\6AA1.tmp"C:\Users\Admin\AppData\Local\Temp\6AA1.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\6AFE.tmp"C:\Users\Admin\AppData\Local\Temp\6AFE.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\6B6C.tmp"C:\Users\Admin\AppData\Local\Temp\6B6C.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\6BD9.tmp"C:\Users\Admin\AppData\Local\Temp\6BD9.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\6C47.tmp"C:\Users\Admin\AppData\Local\Temp\6C47.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\6CB4.tmp"C:\Users\Admin\AppData\Local\Temp\6CB4.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\6D12.tmp"C:\Users\Admin\AppData\Local\Temp\6D12.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\6D7F.tmp"C:\Users\Admin\AppData\Local\Temp\6D7F.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\6DCD.tmp"C:\Users\Admin\AppData\Local\Temp\6DCD.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\6E1B.tmp"C:\Users\Admin\AppData\Local\Temp\6E1B.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\6E79.tmp"C:\Users\Admin\AppData\Local\Temp\6E79.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\6ED7.tmp"C:\Users\Admin\AppData\Local\Temp\6ED7.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\6F44.tmp"C:\Users\Admin\AppData\Local\Temp\6F44.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\6FB2.tmp"C:\Users\Admin\AppData\Local\Temp\6FB2.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\701F.tmp"C:\Users\Admin\AppData\Local\Temp\701F.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\708C.tmp"C:\Users\Admin\AppData\Local\Temp\708C.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\70EA.tmp"C:\Users\Admin\AppData\Local\Temp\70EA.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\7138.tmp"C:\Users\Admin\AppData\Local\Temp\7138.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\71A6.tmp"C:\Users\Admin\AppData\Local\Temp\71A6.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\7203.tmp"C:\Users\Admin\AppData\Local\Temp\7203.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\7261.tmp"C:\Users\Admin\AppData\Local\Temp\7261.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\72CE.tmp"C:\Users\Admin\AppData\Local\Temp\72CE.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\733C.tmp"C:\Users\Admin\AppData\Local\Temp\733C.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\73A9.tmp"C:\Users\Admin\AppData\Local\Temp\73A9.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\7407.tmp"C:\Users\Admin\AppData\Local\Temp\7407.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\7474.tmp"C:\Users\Admin\AppData\Local\Temp\7474.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\74E2.tmp"C:\Users\Admin\AppData\Local\Temp\74E2.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\7530.tmp"C:\Users\Admin\AppData\Local\Temp\7530.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\759D.tmp"C:\Users\Admin\AppData\Local\Temp\759D.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\75FB.tmp"C:\Users\Admin\AppData\Local\Temp\75FB.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\7668.tmp"C:\Users\Admin\AppData\Local\Temp\7668.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-