Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_9b0abe1f580888214a6a39ec3572429e_mafia.exe

  • Size

    412KB

  • MD5

    9b0abe1f580888214a6a39ec3572429e

  • SHA1

    b6d88542dbef6dea02873e8688500870c259c60b

  • SHA256

    34bb905d12376ba11da1e08e53b2037257bf08ad565afb5f9e78f437a330ac3e

  • SHA512

    acc76455a99668a6de04326c759862d4580e9d3853c562be9a8981da06134be6469511ddb0b4270ead156c71d58a589decf783916b61948a51e37c9c46b2aaa7

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZnW1H/mQBaRMQRvOpjsXyVac9ehv0L8szB9TP:U6PCrIc9kph5wod8iyVac9cv0YeBh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_9b0abe1f580888214a6a39ec3572429e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_9b0abe1f580888214a6a39ec3572429e_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Local\Temp\8298.tmp
      "C:\Users\Admin\AppData\Local\Temp\8298.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-08_9b0abe1f580888214a6a39ec3572429e_mafia.exe EB87862511E0D085CFA6B16A70C0E8C75E4B7D064A81170DBCADF38E471CBFA3CD563E48523EE607EE0C8A4475F6795A0C0A4D248E651C6BDEEFEB168CC2D6D1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\8298.tmp
    Filesize

    412KB

    MD5

    3d143146818a4f859ee508278ccc5846

    SHA1

    0d9e39d5f4b7b3e3c4676a3bc695ddd59321c011

    SHA256

    438b5f30eb48c476395e920dba5c85bd1cf0060e53abcd341cdabaa0c5bc5746

    SHA512

    b02b8d567beb78627de9730d3cc05315b6316f02373067185b8736dbb37236960b3fb3ada1de49941bc6b3dc0ac0e1a5726e7f4954737b943e14af000a69c182

    Download Submit