Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe

  • Size

    468KB

  • MD5

    9001b22d72d76f1072daa7573021c1fc

  • SHA1

    168987e7395071d7dde7a594062137fd9d4b7f94

  • SHA256

    a113edf3c9e94f7d8eeea9126efd24d7de866dc637c58f035704483aec471352

  • SHA512

    e9ccd0e8a49ab2cec878e9e9350bbc2fe9babcf5d01296d829c191b0b3da920ff80527c502c7590253e177cbff3828c102d205486f0a1ac8f9b841097e11e602

  • SSDEEP

    12288:qO4rfItL8HGtZkROese3aY/Sq2uv217bWmeEVGL:qO4rQtGGoLXn/SqmumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\4C8A.tmp
      "C:\Users\Admin\AppData\Local\Temp\4C8A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe F00DA70196FC5714CBF28093140C979AF1068F8241BCC4AB5EE660F9993E959E1C9AAD853B7408631C592CA0C8EF5F2B228223F46FF77F514594779028852B1B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4C8A.tmp
    Filesize

    51KB

    MD5

    adf5eb67e167857b61f3965d9ede3f59

    SHA1

    4bca12fd5944910b2b616e1f5f3cd3c5997d1612

    SHA256

    96d389e53c7543f882e51be764a29c2d2cbab06731986080a4d574cfed486f6e

    SHA512

    f02e728e35cd99aaa25751a0c0a11bdd486ea2a4b803eb4dd6890c7e6625215de0847e55e01acc71634723fe27d6aa13554026e410d24c7a5ae5f48cce0f26da

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4C8A.tmp
    Filesize

    85KB

    MD5

    1712d531a8961de2f0a83e44424a0398

    SHA1

    c135ad5c0f9e9b1306e188ab6084db642b81dbf9

    SHA256

    94c81d6b14f8adf9dbf6ace30980058e2047269086ccb90bb475ac5870b59db5

    SHA512

    3c6be2d2577363126dfc9b4e936497406e6d66cc8ea9c6a5f9f246bed50502076ad5b01c2611af692f368891af37b53219deb8f2fa160916526dabdb4ef8d5fc

    Download Submit