Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-02-25...ia.exe

windows7-x64

7

2024-02-25...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 09:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-25_7f62c9597f3dd32e84f8ff8f6bd5f369_mafia.exe

  • Size

    414KB

  • MD5

    7f62c9597f3dd32e84f8ff8f6bd5f369

  • SHA1

    a80e533df3deb4cae50d06b876099382f3ce9d75

  • SHA256

    f7673cd2f5f74a92cd6660a8a14b4cc3c63fd7c6ddbf3b3184d739023a659e4d

  • SHA512

    72d99d16a0d3563f70c3d8ce3eefe4f0dafaea0499550cdbd874b58b608ab9b8c256ed5c8a275796a80bcc149dc925a06db935a1c1f59bc2b8406a1322a15547

  • SSDEEP

    12288:Wq4w/ekieZgU6T5nlvRJTT2FhWsc/zBzlx:Wq4w/ekieH65ZRJf2dOBzr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-25_7f62c9597f3dd32e84f8ff8f6bd5f369_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-25_7f62c9597f3dd32e84f8ff8f6bd5f369_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3748
    • C:\Users\Admin\AppData\Local\Temp\E3A9.tmp
      "C:\Users\Admin\AppData\Local\Temp\E3A9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-25_7f62c9597f3dd32e84f8ff8f6bd5f369_mafia.exe AE4FC90C1B833CD79133D106ABB796C8503937F860EB3C795A3C8953CC7DB50B3C4211C5EC508729C17124961982020489E0C4D7FE3AB824BC22A2DBD5003D58
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E3A9.tmp
    Filesize

    320KB

    MD5

    5447c479684787cfb4eb24fd2499d911

    SHA1

    3e61ef86a0c24aba54df004db7d52e9bd7430071

    SHA256

    5bdb469303325c92817e762c5ecf8e08f450d14d25b61c011434c9f695c95fdc

    SHA512

    74e6c1e545d15907bcccf2b883b2a88365a08f38e0e457bcafc1c297555648257da8b7f92ac3cc19957b2610fe5fb8ddd64b4e6b4d5df299d13e9973002d1f47

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E3A9.tmp
    Filesize

    21KB

    MD5

    3df0aad4a0e4baa9bed72b4e7d9fbe6d

    SHA1

    6729f53e87971517c822a2e852c2fcdc140fdae3

    SHA256

    a7bc39d07e4e19fd8e84387cb6efcc9dbe5d4662744fb4f24ea11b29d79869d0

    SHA512

    5e430e1aecb491abc580a58e94198400ca278e9d05c420f559666ac0170164d96f86d67667c9067a671fc11e65371754e7eb9000af88ae235d60c3c1e225c239

    Download Submit