Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-02-17...ia.exe

windows7-x64

7

2024-02-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2024, 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe

  • Size

    428KB

  • MD5

    82d076978594f39258cd1a56390f9e8a

  • SHA1

    6a03970b7eae01672955beb333e2043f08c03dea

  • SHA256

    7f88de43b0d8b73adb321c85d63cfb61243f5e5057bd8ec71c8ececd4fb4b438

  • SHA512

    7644534f71601d3e3588433432a158cb6b13fa04ead7b046842419fb47ea1f81939897715a1e50b1db3974efe9dc6588000eeefd5cefb66171b371e71ae13417

  • SSDEEP

    12288:gZLolhNVyE9dOM1QNo1Rlfr7A5VPL/E/n5UNqHR:gZqhOEe8QC1RlfnA5Z/KOU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Users\Admin\AppData\Local\Temp\C3BD.tmp
      "C:\Users\Admin\AppData\Local\Temp\C3BD.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-17_82d076978594f39258cd1a56390f9e8a_mafia.exe 6D98E2DE99B7AB3C8F951859FEBBF2614DD9F2D791F853487ADC32D2278A5062066D545654BD7150B9879A702495EFF7AAB9920B39C343BE1D6A33E5A045ECD8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C3BD.tmp
    Filesize

    249KB

    MD5

    6d8cdd7393449f85f606f2fd40618230

    SHA1

    de122e87e7d5332684acdb02168ac3491b04bedf

    SHA256

    9099b741e32b7274a414188fe2bb0987f114c48c6e99ba75722a1b26c5e714f0

    SHA512

    e2d617773ea1460347f29d7a341ea72b65251e46297688fbdb03caf585f03eda3ab099afed5eb483466987ebca1f24eb00154bae0bd10a652b0a7babc91d8c85

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\C3BD.tmp
    Filesize

    428KB

    MD5

    9ce428facd29477d43cb8701ea3251d1

    SHA1

    d033dc28ce96d8882137de32a40323c283828c87

    SHA256

    d63b48be1ece9a096083915c720c79cfa5c7e42af4cb68464e36bd609be249b2

    SHA512

    17bf46ce144c4809f895fc6f3a4cd860e24161173204be989b412b1a68793028361417c2f56bb07798d9fbff0d1f8c284bdb9bae12c9158a95cea8e651c56dca

    Download Submit