Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-02-28...ia.exe

windows7-x64

7

2024-02-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    115s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe

  • Size

    444KB

  • MD5

    ae4d6bd1f97680fadb72335675c93b9e

  • SHA1

    b80ddf925a32cb108a59123213fe00f63b1cbf13

  • SHA256

    b79c5ae4d65430469879ae59389e855df50cf46ae29cd4c8549c5550266cef5d

  • SHA512

    ef0b964a23ff2dbfd44737827c9a69123255de18f2478148a911e32ede3ca1974f75881c37f3f81eb2e1b6f477e83991fbd8c71272b1eadc5d9f3cbb5544eb07

  • SSDEEP

    12288:Nb4bZudi79LDFI4wSCoelxv/hrgIcdguIxA:Nb4bcdkLDfwSCoAx6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Users\Admin\AppData\Local\Temp\7474.tmp
      "C:\Users\Admin\AppData\Local\Temp\7474.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe 9970FD211FE7633AA7AB04F2B738107DCD9735A7506BAA158F73F6A3AA2EF9D36E2C718F4F085B8BDD39C6D710A43E3E66FD84E51F3FD62295354D1DA7FA8711
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2128
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2272,i,11831746627654527593,10138103687018060346,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5008

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\7474.tmp
      Filesize

      444KB

      MD5

      0b6b6f9d44e07edbf150f6df3d6c9c73

      SHA1

      3e6a8e5b1de133f064dda231f7d89e6cce6c15a0

      SHA256

      e4b9734ae19d5c994ae2ef7cb9b85b25baf77e06413fb2d203e0bd8285dfbd8a

      SHA512

      95356505321e7061a99c087fbd371e03dcf00f3ad3105a5909ad99d458a47d91ecb0ca26058c061517369e8e8dd4e857be718269341710d660dcf52c84703fdd

      Download Submit