Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-22...ia.exe

windows7-x64

7

2024-01-22...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2024, 16:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-22_102448bd2503a7f4641f0ac88407a0ad_mafia.exe

  • Size

    476KB

  • MD5

    102448bd2503a7f4641f0ac88407a0ad

  • SHA1

    59a52109f76478a20e098a0612f1103efd7b0819

  • SHA256

    bb0f536cb8bb130e0fb4ecb780ca622f69881a73e356c095e1ae31a051f8bd85

  • SHA512

    a3a85c58817c7a732afb52d08ede85e9fcb327fc78e3d1479ee5c5a2397bf7dcf0bd0237bd1b03a6e69b3697dcc723bd394a802f1234c35bf725ab7d87b2c09d

  • SSDEEP

    12288:aO4rfItL8HRiCt3U4aErpWow7K9wlsDpVFd:aO4rQtGRze4M+9wlsDpVFd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-22_102448bd2503a7f4641f0ac88407a0ad_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-22_102448bd2503a7f4641f0ac88407a0ad_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Users\Admin\AppData\Local\Temp\418D.tmp
      "C:\Users\Admin\AppData\Local\Temp\418D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-22_102448bd2503a7f4641f0ac88407a0ad_mafia.exe 7E55730C49EE67BF4950AEADD06A1E3B6790E9E556A5709A456661C068779D44EE9874CAC3C87363E0F674966C7E97999F5A4716327717522C1395EBAD4D5587
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4836

Network

  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468644
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E9A67C329B084C7F9F833D04260EDC96 Ref B: LON04EDGE0617 Ref C: 2024-01-22T16:32:09Z
    date: Mon, 22 Jan 2024 16:32:09 GMT
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    202.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.178.17.96.in-addr.arpa
    IN PTR
    Response
    202.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-202deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    18.4kB
     492.9kB
     365
    363

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200
  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    202.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    202.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    71.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    71.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\418D.tmp
    Filesize

    476KB

    MD5

    48b8c8381be4d4f600c7c083a49ca1fc

    SHA1

    c9b21f3ab03be792b45814f662301cc8af327021

    SHA256

    e427932f3d7e2b2ce4fc8efb104ebe320f7387f6c1803fb0039b6d85d15a8cb9

    SHA512

    682d204822b6def0ae7c3ef5b65bd7bf2ba7bfe174ace4c8bbefb491d728f5b26c4883c2df0e74a2099b12e4323cff23312d384b6e8579267c355016329d230e

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.