Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-02-17...ia.exe

windows7-x64

7

2024-02-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    17/02/2024, 15:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe

  • Size

    384KB

  • MD5

    29ab14f680f4a6a6f46ec11b4d632d0d

  • SHA1

    cc72d5c4cf135f4834c53f6a6a2cf5f5ebcd5ef4

  • SHA256

    5eac441e26c74afdc71f98cc701a71b60f31c95c520cf6b97342451c16cc1a9d

  • SHA512

    fdb36bf45598e10dc9fc37d1506c3ec40ad82fedc3ddb126c98f71a6d2f683954f887c3133b73b4b9e10fa69b70aea32762498b0062a1db9098e74d641de2fad

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHyWVuHSvONFnK8OUYKt90nblDkcPPttSrpZ:Zm48gODxbzgWVuZtnlC+OPopZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\D0B.tmp
      "C:\Users\Admin\AppData\Local\Temp\D0B.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe 3D39EDEB97F613AA78079E8638F964E0B4F513FB2A74528401C5CC792B62AAADF63FE8D7B913D23CFC5CC1A6920D546D9C6013B7B0AE4D0FF7698A5E654EA396
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D0B.tmp
    Filesize

    145KB

    MD5

    54a4c506bc723a26e59198417a959ba1

    SHA1

    4c718c6a3496fe0dfd4ac54b2bbd867a468bfc8b

    SHA256

    50b3ae1f31cd2b87ddc3a2b68edf713d64d2d6c6dff29efe80e0ad24509a1036

    SHA512

    083f0092b2439e7cd60d5d4d351c022b26a281780eaeefbed322682001882d8802b3468750b473cfd5cd8920f48cfdb94bdd1dc234bf2365a1ed0735a0d424c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\D0B.tmp
    Filesize

    174KB

    MD5

    803f97368f7c9e0f1438a560983ee83e

    SHA1

    4be90325ef33ac9a1bd4137b3ebdd470448ad564

    SHA256

    ce09d24c17e116055ccec95db235089749bf9ce0ea47168566ab8b406bd1c62a

    SHA512

    a5c7c2cb2be47cdcd7d44739b01c8c96689ac741c4360b017dda9c75c81f3a9df62057a81e8e6ceabb88ab4dbe69f4046cb6ee2643f6f5a4df0c4bfeda46077e

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.