Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_fa66cd30d574746837d6e8b3106cfbef_mafia.exe

  • Size

    411KB

  • MD5

    fa66cd30d574746837d6e8b3106cfbef

  • SHA1

    b1f0fcf7d37e17e4c9d8c4a2fdd67945596e27a1

  • SHA256

    a57de947d40f04c1f9e39c38dfbbb59969dcb48729e15c4d1e7fad3ae0c953a3

  • SHA512

    2ee98a1f6a4f0dd5355eda15a96522c5b76412836ab6cce328600c771935c7be4d2c87f470889ee882bf497041a60fd4dc08205a2d6c91e59fece3a8c97a07d7

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFXfFJClr+h9k8Ffny99v/u8MVxxqHI:gZLolhNVyEgphnWv/9uDqHI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_fa66cd30d574746837d6e8b3106cfbef_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_fa66cd30d574746837d6e8b3106cfbef_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Users\Admin\AppData\Local\Temp\1075.tmp
      "C:\Users\Admin\AppData\Local\Temp\1075.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-08_fa66cd30d574746837d6e8b3106cfbef_mafia.exe 5B86313AAF28C823BC8DF3C2581E1071C8EF36E7B26DF9AECD380B52FB513D593723293ECB4314D1D201EFE188A0435A226C987DD957F0D9B7C22DB7936CB542
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1075.tmp
    Filesize

    7KB

    MD5

    5e2fab00ff70ec255573bce389ce0b99

    SHA1

    1d34760cbb55f8cedca377aaf4e857d948468d0b

    SHA256

    444a4de41b4372634344fd6daa6d400a7117ddc93dfb65666263f32f29320c98

    SHA512

    b51631c01c93a90b925055e338d5600287658bf3aa8db1c175c1a2f9b16e560e38bfbd9c209c6099be66c5b765154b27e11caf0425d5e6998a351c634ca4122e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1075.tmp
    Filesize

    11KB

    MD5

    09e4413afd840c8c7a8603d193c35031

    SHA1

    7107d2e439b4b53a7bf8c23b8b6f2d28df86280d

    SHA256

    8e714c79668aa9fd291b50b466a72d9b3b09dc35a71cdfdfd1a5de234b5080b4

    SHA512

    06c5d1fe32e81a785ae426912fe99aaae11216843e771f7f4ed2f3033a97b8f0c0e01c0e675c61a282e53d52c6b00f15a056db96bb50698ea95ee2ee912d0fd5

    Download Submit