Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-06...ia.exe

windows7-x64

7

2024-01-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe

  • Size

    479KB

  • MD5

    60447936cde27d5b3b52546a97b41662

  • SHA1

    48b7bd953ec750ef9935153ed51c81cb86433266

  • SHA256

    e9d212c7d0084babb5bb9228f16656d7f191eb3fb150a45fdd855d9a876ff92f

  • SHA512

    4f8268996483ad1080156e2bf82a4e8b12f2e85b1bfc84e7044ef80dbfe5070e2f17bab6e112874008830df85708a3a0f1319d9072bf5a8d5b96e8676d36c49e

  • SSDEEP

    12288:bO4rfItL8HADbsCnp+vnYgM5yLR/QjzBJh+hCeo75UO:bO4rQtGADoCnAvnCsIzBKnoVUO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Users\Admin\AppData\Local\Temp\5032.tmp
      "C:\Users\Admin\AppData\Local\Temp\5032.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe C44A875BFF5DE649EEB88E304488EEAAA6DC61A788CC9DF41065BB4E0629E19C3A8438E4C663A00D3A7A144E6309C1014E10D48EACC7B513DB1853A846028022
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5032.tmp
    Filesize

    19KB

    MD5

    30defaf8a856f12de8900e07f960cdec

    SHA1

    744c018b9aa522a30c5945d3a58d0d81d542bcbe

    SHA256

    08fa4b9b3566ec36153f345574c6baf2aa20776e4731214bb548b8d44b7c3dbd

    SHA512

    2eab697f8bedc5ba30f56239ab939e2515eb1a6b7d6758d556cc22f595f27be67e60df380b87eed5dd8f5934553c6b5c87a9150336cf537381da7ed505ac9dca

    Download Submit

  • \Users\Admin\AppData\Local\Temp\5032.tmp
    Filesize

    16KB

    MD5

    52957027081a923978d3440218ea45ae

    SHA1

    6c423922606605e6d108fb19aec0aa0bb1caa3ca

    SHA256

    06f24fabe3626dae19c86228fc29459efe040d880b4e8fb0fb7e5bba3c7285ab

    SHA512

    d798fcae3a9e886e4d706076c2d15fb58cc257949ddd39a2c70986de3992704b0465ade287f45d683c36248b76c95af063faecd5d0a8d0fb28238ba8540489c4

    Download Submit