Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-09...ia.exe

windows7-x64

7

2024-01-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    80s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe

  • Size

    384KB

  • MD5

    ff956fc3cf157816d44d002436a01854

  • SHA1

    1421ca4f379fcf033a2feb8df9a69c5a4ac848fb

  • SHA256

    be5b23d824f4b84deeba0c464191e0d9a3a0442334b145d3a9aa1320c893d480

  • SHA512

    eb18c1e56cee39417a90bc159863738f172e46f7dce36cb1cb6d667ba12f50512a2c6144cf0999e397532865595febbe832614d4ca31d76637f1caa069193257

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHPzQH3206z3X1pk5p+dAQ2fLfChjOsrWFZ:Zm48gODxbzZzQXejFpSpvQ2fLCZbWFZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Users\Admin\AppData\Local\Temp\543A.tmp
      "C:\Users\Admin\AppData\Local\Temp\543A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe C114A0166715B8CEA8A4D5679371DDEECBDAA59C1F6D142D60AFE820465BCF5CED526DC85362189974EE491CC51677E5B6213FDF5BCE969719B150B0D2C2F092
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\543A.tmp
    Filesize

    77KB

    MD5

    a65d6075dd3c6c54f63594c4aca0a871

    SHA1

    522abdeddf522cecd12ddc4a196e4ed847572ade

    SHA256

    f9645ed4c32694c9a998f709500473cd967b90215ce8f1b671a16703f19fbfe0

    SHA512

    ed15cff2b909dfafea4633bd95bd60766fe58dda77e59a17d42df78a73014c4d92365b3c900832db16854b537457451aeded63654466a08fac6290cd06b282c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\543A.tmp
    Filesize

    15KB

    MD5

    c0ea5e04e7f19eb6e235f0e512b15c90

    SHA1

    941b4c0afc9777577f5e4757fb8ddce040e269e8

    SHA256

    a90ae2cc57138a3ba520895c61997cdc9af65c2402d5813567c1020ee2425bfa

    SHA512

    9900d3884b74862c1d6e3656d9473156ed9941f74c0ffc54a20aac6c1430f1efc37945fac6573130f2488b3d6ca1d5cbac67e328d9b392ad4afee33c2fb86273

    Download Submit