Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-22...ia.exe

windows7-x64

7

2024-01-22...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2024, 20:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-22_16a75df6027bab7a8c78c8d77f954e36_mafia.exe

  • Size

    486KB

  • MD5

    16a75df6027bab7a8c78c8d77f954e36

  • SHA1

    72e220df0b23243e91b3dd28a1c70a968747635f

  • SHA256

    1a24c9de8e6c415dfd7156ee519dc04db6000ccdb0a190a844e312f8bf3fb49a

  • SHA512

    707e7f18c0c2d01d04b836e8161aa6ce6806896c3c7787104526c7e10d96962b4485cfad23837b0c8ce76dbf62db0ee6d1b0a7ec3b4e9bbce6b2bffb82d37dde

  • SSDEEP

    12288:3O4rfItL8HP0CYvEqIwCxYgGFQGbHw1gN3Mo7rKxUYXhW:3O4rQtGPvYMYzFQIjNco3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-22_16a75df6027bab7a8c78c8d77f954e36_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-22_16a75df6027bab7a8c78c8d77f954e36_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\4537.tmp
      "C:\Users\Admin\AppData\Local\Temp\4537.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-22_16a75df6027bab7a8c78c8d77f954e36_mafia.exe B423C7D01669A33BF4B5AEC3654ED5F97319C0E4066E1FFF6DEFFD9A85F85DC54DC8788E1977EF725CE126C06AF180CC1E3172E92CE71311FF95276B4E9EE218
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2436

Network

  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.178.17.96.in-addr.arpa
    IN PTR
    Response
    183.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-183deploystaticakamaitechnologiescom
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.110.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.110.18.2.in-addr.arpa
    IN PTR
    Response
    57.110.18.2.in-addr.arpa
    IN PTR
    a2-18-110-57deploystaticakamaitechnologiescom
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
    Response
    134.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-134deploystaticakamaitechnologiescom
  • flag-us
    DNS
    204.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    204.178.17.96.in-addr.arpa
    IN PTR
    Response
    204.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-204deploystaticakamaitechnologiescom
  • flag-us
    DNS
    200.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.178.17.96.in-addr.arpa
    IN PTR
    Response
    200.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-200deploystaticakamaitechnologiescom
  • flag-us
    DNS
    213.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    213.143.182.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    183.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    183.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    57.110.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    57.110.18.2.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    134.71.91.104.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    134.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    204.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    204.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    200.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    200.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    213.143.182.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    213.143.182.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4537.tmp
    Filesize

    486KB

    MD5

    c41b3d5a0a222be68f08825abf5dc0d2

    SHA1

    33b29cab0dbf3857514deccb234a6fae3000242b

    SHA256

    7814c64f4151bccd765eb358ad49c970cdb7d29f5ee675e2b42f8aab8b4ee8c3

    SHA512

    4f60e4b23f537a6a2797c52b70c8f9ec716b60ff230cd5bb396fff573dec8be60e7214b2d0f2348a7d38ae259c452905bec5280acb38affc46b3ebff54ae7b96

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.