Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-06...ia.exe

windows7-x64

7

2024-01-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe

  • Size

    479KB

  • MD5

    60447936cde27d5b3b52546a97b41662

  • SHA1

    48b7bd953ec750ef9935153ed51c81cb86433266

  • SHA256

    e9d212c7d0084babb5bb9228f16656d7f191eb3fb150a45fdd855d9a876ff92f

  • SHA512

    4f8268996483ad1080156e2bf82a4e8b12f2e85b1bfc84e7044ef80dbfe5070e2f17bab6e112874008830df85708a3a0f1319d9072bf5a8d5b96e8676d36c49e

  • SSDEEP

    12288:bO4rfItL8HADbsCnp+vnYgM5yLR/QjzBJh+hCeo75UO:bO4rQtGADoCnAvnCsIzBKnoVUO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Users\Admin\AppData\Local\Temp\544A.tmp
      "C:\Users\Admin\AppData\Local\Temp\544A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_60447936cde27d5b3b52546a97b41662_mafia.exe 6BD15592AE7B36CF622850C85B3F19E4A3FC97FDAC72E60B8A11680D84B79D13AA5AF57DFBE26156A0E300FC082EBA0E9C1EDEF7E5CA23BBB7027C9DDE4C9FD5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\544A.tmp
    Filesize

    91KB

    MD5

    6ab08db4ef520223a741ea07c7204846

    SHA1

    eb636adbf5c8bd7d19a50ca98c1ec3a3f4807402

    SHA256

    352e4df132878ca347954655830d4a4429ec115f7dafdfbb4f2682e36df05e73

    SHA512

    bd5000779ece106e4ae6c22c63b9467ef64741b03fd4707fa54d6fb03537a9d03b35a679cfae3e408fc3b3f8487f73c0375b496ed6077370f4e7adfaf480374f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\544A.tmp
    Filesize

    92KB

    MD5

    928687b0ecdfdca0823f9be1deea56cf

    SHA1

    bc91e2df093ab29a40daee507e6a1528fb86fd62

    SHA256

    fae497adc5fee9f3a1575f0e2974ca974b171198fac0f9fa77069ecdb36bfcd8

    SHA512

    2ef53f969fb690606bb9ae73992062b23356c8e5b81d7a6971b2921cafb59f9d2bcf7e08593429d4b8b2ec6b4bcf7031a09971b211f91c86fb6684e19f3ec1f4

    Download Submit