Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-02-19...ia.exe

windows7-x64

7

2024-02-19...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe

  • Size

    444KB

  • MD5

    b84247a3165951223cf3f709f186c256

  • SHA1

    58d6005db8a8fd25b2b27fd294efdaa7b6a19b0f

  • SHA256

    f4ce6ba6e3f5b0ae4767f507f67e764650525d96456c1bd9761e15c42ac09b30

  • SHA512

    ea413b1844ca0eda6cbc7ea7be51c1f49f3106b448730ba090fc2a2ef5e625d1aa10f902d2ab44c2041155bf258e9917e8d40f2774c290153276cca951476145

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStPVbpVUf6GFjifO6pOzQYDR0Z9kFKEfNmkM6:Nb4bZudi79LqnKifb4znEXINmYj+A

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Users\Admin\AppData\Local\Temp\40E7.tmp
      "C:\Users\Admin\AppData\Local\Temp\40E7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe C30496BEB609D8DD70BE5A45F1EE19284DF4401442225CD6584F45718BF6409606C8F20B09A64BC3169A0EA074FCF93BC5928555EF23B8738BC2C3860ED34BBE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\40E7.tmp
    Filesize

    444KB

    MD5

    727bbc317a104a18f057dbaf8f774c0b

    SHA1

    3c9152f96b8d9e89f9aa320de1e71cb65d0acc02

    SHA256

    4a66c8eea0b14b45c910144848ad2693f1f310613a3d7cae211f1ca819e4cce3

    SHA512

    17c40a78e3854eb6a845a6416056d4fc187a963dbee98b419edc05e6721edbfe87d9b9664f2ca04e2365ccb91dddaf4becb0bc9c8d04b2c022c6799e8a1c1ee5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\40E7.tmp
    Filesize

    115KB

    MD5

    559cf52d968e342fd6db56b19bee990c

    SHA1

    3777444d653999b7df7e5f21969f79b5bf528c8e

    SHA256

    39cfe9eaec03a55586c06dfce5d909340ab8cc36b0b9113b3aa4a7d796b81b3b

    SHA512

    e275a4f38de661da7323838b6a4a36adde2f0eb7f95c129c6e88dad2fe08a0e1ba7171441cca471f7552ac029358e879a6b35c13e5d510753074b606686fc395

    Download Submit