Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-01-26...ia.exe

windows7-x64

8

2024-01-26...ia.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 10:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia.exe

  • Size

    14.0MB

  • MD5

    6ef9eb531fd516f470c8ceae141e2ee3

  • SHA1

    52cdacceebe2d3eaeafd27147c1d9ba7b29393ed

  • SHA256

    f37147d4bbcaf8b05f96820aaf8d148adb18336e3f01cbecb7b5f4b21e58c845

  • SHA512

    8009f7e51fa9570a0ebbc2a1e1f996d2226c7d8ad6f3ac80ba4184a8f69344d3c0eee80e18951cf85f55a9da1d371c7d82f9048c6034972844e29312ce2a86b8

  • SSDEEP

    393216:5wMYHSUFvsLSO3xbg5/tKjCV8jbbWXxicoUYo7wRTW8NCILTR/:OVaSO3O5/tqTwgCYo8RhEILl/

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 4 IoCs
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 12 IoCs
  • Drops file in System32 directory 34 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\applyconfig.bat" -l="C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\SCE4089.tmp""
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\hapint64.exe
        x86_64\HAPI\hapint64.exe -i -q -k CCTK-SCE -p "hapint64.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1896
        • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\dcmdev64.exe
          dcmdev64.exe remove root\dcdbas
          4⤵
          • Executes dropped EXE
          PID:108
        • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\dcmdev64.exe
          dcmdev64.exe install .\dcdbas64.inf root\dcdbas
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          PID:1908
        • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\dchcfg64.exe
          dchcfg64.exe command=getsupportedsystypes
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2356
      • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\cctk.exe
        x86_64\cctk.exe -i config.ini -l "C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\SCE4089.tmp"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1652
      • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\hapint64.exe
        x86_64\HAPI\hapint64.exe -r -q -k CCTK-SCE
        3⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1560
        • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\dcmdev64.exe
          dcmdev64.exe remove root\dcdbas
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          PID:2220
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{7c59dff8-729b-70cc-4b1e-9112fe840d16}\dcdbas64.inf" "9" "6dfcb1ac3" "000000000000032C" "WinSta0\Default" "00000000000004B0" "208" "c:\programdata\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\hapi"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1904
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem2.inf" "dcdbas64.inf:Standard.ntamd64:dcdbas:8.2.0.454:root\dcdbas" "6dfcb1ac3" "000000000000032C" "00000000000005C0" "00000000000005BC"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2264
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    1⤵
      PID:820

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PROGRA~3\dell\drivers\2024-0~1\X86\HAPI\dcdtvm32.sys
      Filesize

      17B

      MD5

      9d4d9ec6ce9c703fcde269b7f1665c67

      SHA1

      d7e78cde5f87fd3ca5478a61b65af4b64ea97123

      SHA256

      ee57916b76f7c9895a83933fe239addf1a7d76ebe597bf41b8133196a0779a68

      SHA512

      4dfe5a3d8f5a675e927c1798ea6eec868c7b5dec6dd72ca584d93c69e0ed782aa25d413bb4a37ff1907e8637c4f476c4f6523e402f9c6f0193b467adfd0439a7

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\dchapi32.dll
      Filesize

      336KB

      MD5

      e3d920f761c9535ecf5d92cd7d9ad5cf

      SHA1

      da4d20b4873837fcd0609c4a30aabcd76bde0aee

      SHA256

      081ae3fa46059f97a4b7b1115f6d796bc27c751bae0da57b14cc6b6c4a15f540

      SHA512

      021068eb0db2aca4e0b9220905c673a13c1af81c7aad0d5fc354b74ae03f983f72f1558326bdc4509d7cd7347c6a3dadb5243180c60d1d165847375ba22bacb4

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\dchapi64.dll
      Filesize

      400KB

      MD5

      8f6f86f82fab15ecb18701a94801602c

      SHA1

      0bd48f782e532a42acd1b5d3028643763232f951

      SHA256

      4f02da8a8a122ff0504f52e3a8f27a0fd0fdba172e0377d37f13a6143c650cde

      SHA512

      7d4fa83cb08a0f36a0f8997f8f9bda35e50f9478ce52faa695bbbb0b24831888b65dd013ee9fd0e31c4ca2a6bc4967511e6971c5999af1c043a7d0ae983b295b

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\dchbas32.dll
      Filesize

      376KB

      MD5

      cd26cb34bba6d1ed20212b737e1dc7ef

      SHA1

      7447358f686f29a7a919cb39abd5e82b9fedac66

      SHA256

      ea6e0180a99a4a600605cf461934fbc772b4c52437f3d7c545609018c949b565

      SHA512

      f8fbea2fabba3866895c92b5a903fbee24a2e18b46368e74f2e0f88c35d0a9b183669d08d49e299e14785a377fceaae8875f3c83c624c286ad886b1033576901

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\dchbas64.dll
      Filesize

      452KB

      MD5

      cf004f9bae9042ba447a962555973658

      SHA1

      e889d6ea667a3ff57da93d83ca27e8edc00b6fa3

      SHA256

      0ed95ce084b64bf89a519f3e3cbc5b392ab3ced63cc72f5732d1d4e6cadb2910

      SHA512

      3457aa19684ceb3f4e5244215b23e4fc8b8399f92f80c7941dc98eeec07d3169298f13421d44bcef8f427532aaf3dfdc01c2b49c86c7920ae1f0aab79ce044c6

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\cctk.exe
      Filesize

      624KB

      MD5

      c60b4facc70a1fc3e2a71c3918361d97

      SHA1

      ffe25785a3f7dc00ef68c2cd40f73d906d882569

      SHA256

      259b5fa5dd9a49cad025a42e4875665dfb34d84a7d0cb6ecc5ed3c8e26cb62f4

      SHA512

      135f33ee2d04e43fe15bf1494fa8d2a830409a31feeceba42fc3a3821cf4642b0c026f283fdbbc793f315f1da901f4bde98dc3a3aea0ab10bbc232e941a52bd0

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\applyconfig.bat
      Filesize

      885B

      MD5

      21636cd59fbdb36ee31ca1bd06c244a4

      SHA1

      8741556987ac6acef7475f4d5562a2984b8749ba

      SHA256

      f4128c23625b915afbd307d91a2395fda20656dd63f7b4fa408a96b3c10186b4

      SHA512

      e8e581cda06e21c5943dc11bc937bb12faa094b5c81af9d77a2f7e956d1640115f0985e4359f2e53a73d7ef3b6e965e656fb365ebdccca7efec418a738aa1ee2

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\dcdbas64.inf
      Filesize

      1KB

      MD5

      7c2a6ffecdf1b526bc3fc9d1b18b28ae

      SHA1

      54ca9c16094486e242b3b641e012f74700f93ad1

      SHA256

      095ae098e9a41605fba14c0bb7f3254be7fcc05b327c27c4c78aff59d0a24853

      SHA512

      1a1523ef86755fa24589ef56662ece11f0abcb0d727219c5bf521a6dc92c152236ecbec369626212870b96c82c67e1aae23caecc97098e37e580f69bceafaa57

      Download Submit

    • C:\ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\HAPI\dchcfl64.dll
      Filesize

      333KB

      MD5

      a300bb3f80773475042a4e13911f8e01

      SHA1

      e98109986b89e4ff44e07e89e7f889e70f0e9c92

      SHA256

      a3685ca5d69c1934e0bfd884761df95086e01de7e133ea3107cfca26f7c4e980

      SHA512

      6f32d5467dc8da2b58415fcec119bf6615cc2551febb5d2b83f0160b2fe9e67e2c2b7f3e4ce67c969ea4d6b98ccad0398c1ce0a8b913c5d54ca7cdcbd8b44ca7

      Download Submit

    • C:\Windows\SysWOW64\dchcfl32.dll
      Filesize

      287KB

      MD5

      b04598ff628e05d41318ce50fe9aa471

      SHA1

      30155cb82a8ec2218d981467492310e92dcda705

      SHA256

      18d33b974fe001863f55e1bdb2942e919e9e9755bf9d44a35616fbefcfb21d6c

      SHA512

      998f9a47808eead3781590cc3f7fb2f21c4c2304aeaae3faa308bbfccf760f84cd21d7c8353c08e0d57ed52fdefaa78bab17145d9c6e408b411100f979e459a0

      Download Submit

    • C:\Windows\System32\DriverStore\FileRepository\dcdbas64.inf_amd64_neutral_11600ecf12dd041c\dcdbas64.PNF
      Filesize

      6KB

      MD5

      7b3bcd737bbfce760f06542c332b0109

      SHA1

      2c04f1bc7faebd5c973181411edf764b76cc3ecf

      SHA256

      78318f447dfbb7ab52728447d97af8b74376063d652902f348028be3ea3ea6a4

      SHA512

      6ff4a374b362089ccea0c80755b0e3165fb6cd7890ff1d2604c08271281789ac7aaaf6349ca96d50ed1e1bc40ba7f08b04920fa6bdf9446f4d9a465137042fd2

      Download Submit

    • C:\Windows\System32\DriverStore\INFCACHE.1
      Filesize

      1.4MB

      MD5

      73a4049c0640f6c10e1e46afbebeed84

      SHA1

      2c8c07a081ed63cb2251851004103ee9fdf91530

      SHA256

      7bd31fd32124abdb3746ab470488d02d1f295537121fb1535cca5cbe9e4fdfd4

      SHA512

      125e89ddb7bd88f971cb8213b2fdcd55fd93941950a0e0ede268877be17c18794448ef5535459a73c9dfc85d1ec5884cc7a8923a20a42e566d028fbdcd12cb0d

      Download Submit

    • C:\Windows\dchcfg32.exe
      Filesize

      347KB

      MD5

      c2c8ac125b287d8b78ab182067fed555

      SHA1

      56f73c9bc0c088dae2c5b261d8717d5370202944

      SHA256

      b7c33620286db0c9a123d092a9f7eb3bcf9923eca3932484b2e142c79cf01f6f

      SHA512

      e5cdbd443d9deac31092e47d8f8d403b0ceeefb4fa3e6b5618b1f317a8086d41d9e3bddc718c237c7eb575cb85e64de14591ecc7e5cee883a7beb5732949a964

      Download Submit

    • \??\c:\PROGRA~3\dell\drivers\2024-0~1\x86_64\hapi\dcdbas64.sys
      Filesize

      47KB

      MD5

      3ab549325a7067d23c97fc9669dd8a65

      SHA1

      55b59d442bd1abd4ba862e763ec1241a9a5d3f5f

      SHA256

      4058ff9422d30d3795b5bdc796636852e33efddbd9b6df584f3da5d2fb2d7daa

      SHA512

      b68549df9eb46857ed4df508357f94661d371bad708e1773fd835f1becb52cd833397ec7bfd843ba952a4561b6e7ea4cf48986005f384a07952a2f8493e6a972

      Download Submit

    • \??\c:\programdata\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\x86_64\hapi\dcdbas64.cat
      Filesize

      8KB

      MD5

      d2383b90b4aab1cbb4c21aabfadc233b

      SHA1

      2ca61e2a3c097959ad25df8d99536547a8db6d8a

      SHA256

      639634a5c26e86c9545c95c31c463d4d5dd0f1822328fd9ff89190662ecf60fc

      SHA512

      605c27f229c2f55db35bc93aa3153197e813e8dfbba3e966bc1b17662f4419068e92838a1599fb1e29fd0d71accc9d329f7f0604ede0a08b0a15976c1a8e702f

      Download Submit

    • \ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\dchcfg64.exe
      Filesize

      416KB

      MD5

      de426e0013fd5508bc01e2976a7bdd12

      SHA1

      b861a727c7f6bba4c944b1818e8b224044ff56b4

      SHA256

      b35e2ef5e343e5397f3f3d14bce7a5ea8955e0f3958869615b1912835fe3584d

      SHA512

      fb28ebe8c2ab2146e6390b1e01ead664b32643d54a78e6b587b5072fc4610ce67e65413e849f6ba4e8019cca92f24e5e3bd9e5ad263193d7a266a0fa3c421420

      Download Submit

    • \ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\dcmdev64.exe
      Filesize

      223KB

      MD5

      800d58aab609fb7fd456846f237d90eb

      SHA1

      5c031a0251b814b6c1297b1f426c145c712dd688

      SHA256

      95a8065e71b0d8091198adf3290e3bf36e32cb34eb53dce67218a02d0150fb48

      SHA512

      e829abe0835fa36d253c1b6720c9c2e3e40097417eb6eadf27344baaa490fc00d2325bf0ddc6bb2c3c904fbaf7c3122ddf976d61f73312d8dee80d346c1def10

      Download Submit

    • \ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\HAPI\hapint64.exe
      Filesize

      477KB

      MD5

      f6e20063546210f36e95c05efdce22ad

      SHA1

      db4618172eb2d80424d3556408d71471c29ff80b

      SHA256

      23835a3fc69f19d2221a311bc60b6e2698a9859d9b2c8ab329a1264ca2c3745a

      SHA512

      70e90dcfb23e9d99fb011bd998db4eb8d5811ef9468d9741d256e16207fe6bdd6ddc562e212fb4e9da2b7d787137c953775df1e521c4b5b089766438e3fc02e1

      Download Submit

    • \ProgramData\dell\drivers\2024-01-26_6ef9eb531fd516f470c8ceae141e2ee3_mafia\X86_64\mxml1.dll
      Filesize

      113KB

      MD5

      18a91d7814414a47be9e5ca8c2586c9b

      SHA1

      c39291cd62d3507212b4736c6848f62b719a98b3

      SHA256

      c1504e798402c5ee36cd382e1e4a9339af5b20e9f83449aa0add6fc61eadbe16

      SHA512

      a611f85c785583849ced8bf174ffc148284fd1946587da53601c0f81a7e415f59fb98a1ace5d34c311b49f3c00fc20d2a2ccd18ecbdd0e573d81f307a56113d5

      Download Submit