Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe

  • Size

    468KB

  • MD5

    9001b22d72d76f1072daa7573021c1fc

  • SHA1

    168987e7395071d7dde7a594062137fd9d4b7f94

  • SHA256

    a113edf3c9e94f7d8eeea9126efd24d7de866dc637c58f035704483aec471352

  • SHA512

    e9ccd0e8a49ab2cec878e9e9350bbc2fe9babcf5d01296d829c191b0b3da920ff80527c502c7590253e177cbff3828c102d205486f0a1ac8f9b841097e11e602

  • SSDEEP

    12288:qO4rfItL8HGtZkROese3aY/Sq2uv217bWmeEVGL:qO4rQtGGoLXn/SqmumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Users\Admin\AppData\Local\Temp\4834.tmp
      "C:\Users\Admin\AppData\Local\Temp\4834.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-08_9001b22d72d76f1072daa7573021c1fc_mafia.exe 6856695F02C04EB5EA0E85AF261CF7492939032CE1E789B604CA06BD62A13C15581DBE87DD747171015EB133F11878C5F56096D2B1714ECBCBEC0C49D9172C4D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4834.tmp
    Filesize

    468KB

    MD5

    d830e0b1247068125dfd5e353ddf2ba7

    SHA1

    3d59991308d7a0da15b5e5160821004e016aa56d

    SHA256

    6abc2fcf087a648c8b0ec137109826b441f722a3a4ef341ef3e1c0091f59077d

    SHA512

    1923268f392801cd47c26020b7376f73923d0503343390db51d846ec203a5e5912086e4422739162a646953b27f13e01a6c8a881000589fcc07c6ddd70890702

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4834.tmp
    Filesize

    94KB

    MD5

    738fd1be7e2ed27c5ff1fd2d6c803705

    SHA1

    7583fc29a5e55ef61a9c6247fc4935cecd99fc77

    SHA256

    189ad2fa80fc837e17ba212a3bf422f62ac0b49f06e64bbdcb1e4eaa355ad2b2

    SHA512

    8e5156434ad58ee47dde516a5f0b2d17c2b0588e904395bd16facc28d9f0af4bb8c577f05ce2c0ede89408b73cc4ae9db3aedbe94a5263894c7c86addcb5a048

    Download Submit