Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-11...ia.exe

windows7-x64

7

2024-01-11...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe

  • Size

    428KB

  • MD5

    5fde8cc0b807fe4a033790f8ff2422c3

  • SHA1

    3b8f10852f906a9d62a12ba823bea2d88a35fc71

  • SHA256

    c1fdb835c72e1bea36764a45884db108b9a7aa26ed3f0680eb321dbf150f811f

  • SHA512

    867a06614149496fa698559e04240f33264c899358d9da6049805696d2a8d6a44ee239441414da9fbf0390de3ddf2a98c24f0f7ee8bfa95817b64c36d9a7bafb

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFbv0Oy3WyfzZuoOqUbnP2K++MADv6q5HqHR:gZLolhNVyE+v0VJzEoOqOH++M/kHqHR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\83B1.tmp
      "C:\Users\Admin\AppData\Local\Temp\83B1.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-11_5fde8cc0b807fe4a033790f8ff2422c3_mafia.exe 0FD3A55118EFC8EB335040300D09461ABE93C46A60150C938FD1BCEAC0EEFBB49987C695AA5161466280FDE50530166B37F19DD75B27DDD92B5348BF661C32DF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\83B1.tmp
    Filesize

    81KB

    MD5

    10695580d505714b951a4669f4b29f3e

    SHA1

    5054570540d57b00b018c362f9f37b45936540d3

    SHA256

    39ccbc48c266d6b4a0f1769ff8645239871f6c2e8f790a507042b0888bd759ea

    SHA512

    43cd021f6840842a2d4f51dabe3bd8d1fb53a9e169593ef7ce588674cb052fc750b307be7979035a526af3f1d44ca447957c680e2d75a7c9eb2debb5da9e9789

    Download Submit

  • \Users\Admin\AppData\Local\Temp\83B1.tmp
    Filesize

    175KB

    MD5

    11883b89ebce16e096e84c5c09ae34cb

    SHA1

    968da48a5174cff8ded19c543c3fb19bebeec0b2

    SHA256

    bdfc0732ff7386685dd5f97faa073fcd80f238cb683193f9a3054075a243df78

    SHA512

    6267bfbd392a2cc211ef3fc9c6d9a697cdbd1d1fc516a65483f21986f5562bf9ad0aa8ce0ac1ce78437ff55c54f8d131f069f84e1a74c2f795fff7396ef9db58

    Download Submit