Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-09...ia.exe

windows7-x64

7

2024-01-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_b11777b66f604455fc60886aceb3656e_mafia.exe

  • Size

    433KB

  • MD5

    b11777b66f604455fc60886aceb3656e

  • SHA1

    2395e30072d8acd3be2ecd34a2c49b3a1e3fea3e

  • SHA256

    9097dd607816c94fb827db3bc344d00df10b979cdf1e8f484fb2074a6418b523

  • SHA512

    8b7d2ca0d70a04e12a7f6bbf2ad71cb511c255706bc776954998f32757540e40cffb86fb0f4c4a4c90ffcb1f3c14ae71ccdc34d17c91b22f4b7368df43e1bf72

  • SSDEEP

    12288:Ci4g+yU+0pAiv+uklmLDD4KLUZkuV0mXzXRn:Ci4gXn0pD+nmLD8yUZHLjZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_b11777b66f604455fc60886aceb3656e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_b11777b66f604455fc60886aceb3656e_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1536
    • C:\Users\Admin\AppData\Local\Temp\E5.tmp
      "C:\Users\Admin\AppData\Local\Temp\E5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-09_b11777b66f604455fc60886aceb3656e_mafia.exe DCF674639C962478DF2700EE181B608C1B80F0A43FE7583E77B9930EFD2D6DD797234602FB108A2AE1555D52AC63DA9606D79B9847783A7D66BBB782D6A2B1EA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E5.tmp
    Filesize

    93KB

    MD5

    0eb0fefdb8f67024112d619bee802879

    SHA1

    0352d5b4a71c3a3b9d99946e48a4c4e3cc329f54

    SHA256

    c2caf646053e7c6685bc71a32233027b211c0f11f8ee5699437d1e858fdc935d

    SHA512

    3421d0c45d4f66652a6a55ab5bc5b49a427ef2dab0da8a0cf1950b1570670ef393682152a76dbfeaf707da79e31b2a2e3fcde1670d46adaca8b405257b3fd04f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E5.tmp
    Filesize

    59KB

    MD5

    9d22073b19fdf5a4db7f2be4c3d4e918

    SHA1

    043abcda58bd73fed4bd77a1998f017d0c578eb9

    SHA256

    08f202b3baf4e5579c24d304e335175ddc6d77db52ea02358cab4ef9c4de1515

    SHA512

    6123d6d1bb950881d19f8196ac0f66ff2b86bdb04c427f5b668a5167a4a2f976796bb91cd7f6a1c60ee502b584541481ed6e217f6bde175f447ab2fc70893cdd

    Download Submit