Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-01...ia.exe

windows7-x64

7

2024-01-01...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe

  • Size

    468KB

  • MD5

    e8530d1045162038a997139cd598f0d6

  • SHA1

    096632288285f5982a05d21b17c1fe1f83467652

  • SHA256

    6d867dbb2bfc7a40abafc01efc581de1a7519cf82942ef5272be697edfab7a06

  • SHA512

    988171d258536e4567360bb7084c2bfc468a76828b0151eaf55b6e7da937edb4c96e1872b9d1b92c5c1be58cfeed257c9c4674502c18b46042e62961b0dbb551

  • SSDEEP

    12288:qO4rfItL8HG16zX2mX9vyZ4Nr0cmq7bWmeEVGL:qO4rQtGGM/XS4plmqumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\8DC9.tmp
      "C:\Users\Admin\AppData\Local\Temp\8DC9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe D060C608C177DE7E5488FF3022CABA170274003A86E67F568FE3632C1FF5A381C70406C9C412CFADA6E1E286AE34B0652F5591D55F631639E918C95E4055335A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8DC9.tmp
    Filesize

    232KB

    MD5

    ad83c20b4128a8c396243478847f569c

    SHA1

    86cd4df2eb672314d5b3cc0bc33d45bd0af62723

    SHA256

    23ace96f6afd2827d822eba1a714d769d621b26a96d124f0f0331571593df6e3

    SHA512

    b6097212af8fa804c2ab337b523a9cfc027cc1870090567a4a95c2d841a145eac1cdb367c20cda0a70d4ca482c17a5d83e531693b0ff5934f9e70f0e5ec05b55

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8DC9.tmp
    Filesize

    342KB

    MD5

    97e98073525151b08f31c0ee106c3d68

    SHA1

    252a64ad01560f61925ec393d0613ffb09d1b563

    SHA256

    a6d0acd37ce54204420a301c394c08a9af662f44efc764393ae13e72375354cd

    SHA512

    6cd9e9165372780136ffc8c08a945af8fa740b796bd2252965ffb7f799cd6898369336fab757489e0090d3cae86e26156baab4e6834f3ec1961d4637a0521289

    Download Submit