Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 16:01
General
-
Target
2024-07-08_05e99ef472f62baf524dbc601b29e22d_mafia.exe
-
Size
529KB
-
MD5
05e99ef472f62baf524dbc601b29e22d
-
SHA1
42b291b9db0bb57bab4b8cff09e8af18884c5f67
-
SHA256
411d3580372fad275d6ce336610816213d8338d1418e0e2f79ecea9c1fd584c8
-
SHA512
580f1a06c766f74e961e9c7a770022968908c92e9258169d89c7e5d4d7cc235413531cb3734b12db64e51e3931a100783d1ae75c2fc139d2bc2b86bfe1d7814d
-
SSDEEP
12288:NU5rCOTeijukT/YadtnrZT+BJmfNwfchTZwlH4Hp:NUQOJjVZTdT+bmfDTSlH4Hp
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-08_05e99ef472f62baf524dbc601b29e22d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-08_05e99ef472f62baf524dbc601b29e22d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\412B.tmp"C:\Users\Admin\AppData\Local\Temp\412B.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\41B7.tmp"C:\Users\Admin\AppData\Local\Temp\41B7.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4225.tmp"C:\Users\Admin\AppData\Local\Temp\4225.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\42C1.tmp"C:\Users\Admin\AppData\Local\Temp\42C1.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\437C.tmp"C:\Users\Admin\AppData\Local\Temp\437C.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4409.tmp"C:\Users\Admin\AppData\Local\Temp\4409.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\44B5.tmp"C:\Users\Admin\AppData\Local\Temp\44B5.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4532.tmp"C:\Users\Admin\AppData\Local\Temp\4532.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\45AF.tmp"C:\Users\Admin\AppData\Local\Temp\45AF.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\461C.tmp"C:\Users\Admin\AppData\Local\Temp\461C.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4716.tmp"C:\Users\Admin\AppData\Local\Temp\4716.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\47A3.tmp"C:\Users\Admin\AppData\Local\Temp\47A3.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\483F.tmp"C:\Users\Admin\AppData\Local\Temp\483F.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\48EB.tmp"C:\Users\Admin\AppData\Local\Temp\48EB.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4968.tmp"C:\Users\Admin\AppData\Local\Temp\4968.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A14.tmp"C:\Users\Admin\AppData\Local\Temp\4A14.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4AB0.tmp"C:\Users\Admin\AppData\Local\Temp\4AB0.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B5C.tmp"C:\Users\Admin\AppData\Local\Temp\4B5C.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4BBA.tmp"C:\Users\Admin\AppData\Local\Temp\4BBA.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C27.tmp"C:\Users\Admin\AppData\Local\Temp\4C27.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4CE3.tmp"C:\Users\Admin\AppData\Local\Temp\4CE3.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D60.tmp"C:\Users\Admin\AppData\Local\Temp\4D60.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4DBD.tmp"C:\Users\Admin\AppData\Local\Temp\4DBD.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4E3A.tmp"C:\Users\Admin\AppData\Local\Temp\4E3A.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4EA8.tmp"C:\Users\Admin\AppData\Local\Temp\4EA8.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4F25.tmp"C:\Users\Admin\AppData\Local\Temp\4F25.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4FD1.tmp"C:\Users\Admin\AppData\Local\Temp\4FD1.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\505D.tmp"C:\Users\Admin\AppData\Local\Temp\505D.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\50CB.tmp"C:\Users\Admin\AppData\Local\Temp\50CB.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5128.tmp"C:\Users\Admin\AppData\Local\Temp\5128.tmp"31⤵
-
C:\Users\Admin\AppData\Local\Temp\5186.tmp"C:\Users\Admin\AppData\Local\Temp\5186.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\51E4.tmp"C:\Users\Admin\AppData\Local\Temp\51E4.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5251.tmp"C:\Users\Admin\AppData\Local\Temp\5251.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\52BF.tmp"C:\Users\Admin\AppData\Local\Temp\52BF.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\531C.tmp"C:\Users\Admin\AppData\Local\Temp\531C.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\537A.tmp"C:\Users\Admin\AppData\Local\Temp\537A.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\53D8.tmp"C:\Users\Admin\AppData\Local\Temp\53D8.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5445.tmp"C:\Users\Admin\AppData\Local\Temp\5445.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\54A3.tmp"C:\Users\Admin\AppData\Local\Temp\54A3.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\54F1.tmp"C:\Users\Admin\AppData\Local\Temp\54F1.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\554F.tmp"C:\Users\Admin\AppData\Local\Temp\554F.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\559D.tmp"C:\Users\Admin\AppData\Local\Temp\559D.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\55FB.tmp"C:\Users\Admin\AppData\Local\Temp\55FB.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5658.tmp"C:\Users\Admin\AppData\Local\Temp\5658.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\56B6.tmp"C:\Users\Admin\AppData\Local\Temp\56B6.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5714.tmp"C:\Users\Admin\AppData\Local\Temp\5714.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5781.tmp"C:\Users\Admin\AppData\Local\Temp\5781.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\57EF.tmp"C:\Users\Admin\AppData\Local\Temp\57EF.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\585C.tmp"C:\Users\Admin\AppData\Local\Temp\585C.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\58BA.tmp"C:\Users\Admin\AppData\Local\Temp\58BA.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5927.tmp"C:\Users\Admin\AppData\Local\Temp\5927.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5995.tmp"C:\Users\Admin\AppData\Local\Temp\5995.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\59F2.tmp"C:\Users\Admin\AppData\Local\Temp\59F2.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5A40.tmp"C:\Users\Admin\AppData\Local\Temp\5A40.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5ABD.tmp"C:\Users\Admin\AppData\Local\Temp\5ABD.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B2B.tmp"C:\Users\Admin\AppData\Local\Temp\5B2B.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B98.tmp"C:\Users\Admin\AppData\Local\Temp\5B98.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C06.tmp"C:\Users\Admin\AppData\Local\Temp\5C06.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C54.tmp"C:\Users\Admin\AppData\Local\Temp\5C54.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5CB1.tmp"C:\Users\Admin\AppData\Local\Temp\5CB1.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5D0F.tmp"C:\Users\Admin\AppData\Local\Temp\5D0F.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5D6D.tmp"C:\Users\Admin\AppData\Local\Temp\5D6D.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5DDA.tmp"C:\Users\Admin\AppData\Local\Temp\5DDA.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5E38.tmp"C:\Users\Admin\AppData\Local\Temp\5E38.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5EA5.tmp"C:\Users\Admin\AppData\Local\Temp\5EA5.tmp"66⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5F13.tmp"C:\Users\Admin\AppData\Local\Temp\5F13.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\5F71.tmp"C:\Users\Admin\AppData\Local\Temp\5F71.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\5FCE.tmp"C:\Users\Admin\AppData\Local\Temp\5FCE.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\602C.tmp"C:\Users\Admin\AppData\Local\Temp\602C.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\608A.tmp"C:\Users\Admin\AppData\Local\Temp\608A.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\60E8.tmp"C:\Users\Admin\AppData\Local\Temp\60E8.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\6145.tmp"C:\Users\Admin\AppData\Local\Temp\6145.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\61B3.tmp"C:\Users\Admin\AppData\Local\Temp\61B3.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\6220.tmp"C:\Users\Admin\AppData\Local\Temp\6220.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\628D.tmp"C:\Users\Admin\AppData\Local\Temp\628D.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\62EB.tmp"C:\Users\Admin\AppData\Local\Temp\62EB.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\6359.tmp"C:\Users\Admin\AppData\Local\Temp\6359.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\63C6.tmp"C:\Users\Admin\AppData\Local\Temp\63C6.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\6424.tmp"C:\Users\Admin\AppData\Local\Temp\6424.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\6481.tmp"C:\Users\Admin\AppData\Local\Temp\6481.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\64EF.tmp"C:\Users\Admin\AppData\Local\Temp\64EF.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\653D.tmp"C:\Users\Admin\AppData\Local\Temp\653D.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\65AA.tmp"C:\Users\Admin\AppData\Local\Temp\65AA.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\6608.tmp"C:\Users\Admin\AppData\Local\Temp\6608.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\6666.tmp"C:\Users\Admin\AppData\Local\Temp\6666.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\66D3.tmp"C:\Users\Admin\AppData\Local\Temp\66D3.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\6731.tmp"C:\Users\Admin\AppData\Local\Temp\6731.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\678F.tmp"C:\Users\Admin\AppData\Local\Temp\678F.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\67FC.tmp"C:\Users\Admin\AppData\Local\Temp\67FC.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\6879.tmp"C:\Users\Admin\AppData\Local\Temp\6879.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\68E6.tmp"C:\Users\Admin\AppData\Local\Temp\68E6.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\6954.tmp"C:\Users\Admin\AppData\Local\Temp\6954.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\69C1.tmp"C:\Users\Admin\AppData\Local\Temp\69C1.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\6A2F.tmp"C:\Users\Admin\AppData\Local\Temp\6A2F.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\6AAC.tmp"C:\Users\Admin\AppData\Local\Temp\6AAC.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\6B19.tmp"C:\Users\Admin\AppData\Local\Temp\6B19.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\6B86.tmp"C:\Users\Admin\AppData\Local\Temp\6B86.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\6BD4.tmp"C:\Users\Admin\AppData\Local\Temp\6BD4.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\6C23.tmp"C:\Users\Admin\AppData\Local\Temp\6C23.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\6C90.tmp"C:\Users\Admin\AppData\Local\Temp\6C90.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\6CEE.tmp"C:\Users\Admin\AppData\Local\Temp\6CEE.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\6D3C.tmp"C:\Users\Admin\AppData\Local\Temp\6D3C.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\6DA9.tmp"C:\Users\Admin\AppData\Local\Temp\6DA9.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\6E07.tmp"C:\Users\Admin\AppData\Local\Temp\6E07.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\6E74.tmp"C:\Users\Admin\AppData\Local\Temp\6E74.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\6EE2.tmp"C:\Users\Admin\AppData\Local\Temp\6EE2.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\6F4F.tmp"C:\Users\Admin\AppData\Local\Temp\6F4F.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\6FAD.tmp"C:\Users\Admin\AppData\Local\Temp\6FAD.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\700B.tmp"C:\Users\Admin\AppData\Local\Temp\700B.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\7078.tmp"C:\Users\Admin\AppData\Local\Temp\7078.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\70F5.tmp"C:\Users\Admin\AppData\Local\Temp\70F5.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\7162.tmp"C:\Users\Admin\AppData\Local\Temp\7162.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\71C0.tmp"C:\Users\Admin\AppData\Local\Temp\71C0.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\722D.tmp"C:\Users\Admin\AppData\Local\Temp\722D.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\728B.tmp"C:\Users\Admin\AppData\Local\Temp\728B.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\72E9.tmp"C:\Users\Admin\AppData\Local\Temp\72E9.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\7347.tmp"C:\Users\Admin\AppData\Local\Temp\7347.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\73C4.tmp"C:\Users\Admin\AppData\Local\Temp\73C4.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\7431.tmp"C:\Users\Admin\AppData\Local\Temp\7431.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\747F.tmp"C:\Users\Admin\AppData\Local\Temp\747F.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-