Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/02/2024, 20:41 UTC

General

  • Target

    2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe

  • Size

    444KB

  • MD5

    b84247a3165951223cf3f709f186c256

  • SHA1

    58d6005db8a8fd25b2b27fd294efdaa7b6a19b0f

  • SHA256

    f4ce6ba6e3f5b0ae4767f507f67e764650525d96456c1bd9761e15c42ac09b30

  • SHA512

    ea413b1844ca0eda6cbc7ea7be51c1f49f3106b448730ba090fc2a2ef5e625d1aa10f902d2ab44c2041155bf258e9917e8d40f2774c290153276cca951476145

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStPVbpVUf6GFjifO6pOzQYDR0Z9kFKEfNmkM6:Nb4bZudi79LqnKifb4znEXINmYj+A

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • (1) C:\Users\Admin\AppData\Local\Temp\2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe"
    PID: 4744
    • Suspicious use of WriteProcessMemory
    • (2) C:\Users\Admin\AppData\Local\Temp\638C.tmp (child of PID 4744)
      Command line: "C:\Users\Admin\AppData\Local\Temp\638C.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-02-19_b84247a3165951223cf3f709f186c256_mafia.exe B07D998520082D3B210EE1CF7AD4A745B13A9FC1BDDFCC3DEBFAA403471C827EF259DFEF7584BB236DB44FE449D8166FB177D5853F239782A8277C2BC987654B
      PID: 3712
      • Deletes itself
      • Executes dropped EXE

Network


MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\638C.tmp

    Filesize

    444KB

    MD5

    87c2070dfa0c1c316d2c7db3f39b433c

    SHA1

    18e509868d6b814f8d38d8787aca84703cc4601c

    SHA256

    3a4a1a499779ffd31c34576246c0c3dfe3695d9b5110123365a8bb0ba6af4087

    SHA512

    38c58df50ffe23c51fe1c905cd5e3661427b1da6a09b39f1c55378eb9f1361c6c0a4d73d3e704c7f899047e0d48ff07610d1457da7e2a7348a4191f9d9f0300a
