
Analysis

  • max time kernel
    116s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/02/2024, 16:08 UTC

General

  • Target

    2024-02-28_df300491c8fd545c36f1945568db1945_mafia.exe

  • Size

    486KB

  • MD5

    df300491c8fd545c36f1945568db1945

  • SHA1

    4707b963038372f61092643cdb0d234015cfb444

  • SHA256

    c3b81962b5011e63fbe89bae51677f5d86e303da341010feba36f740f305a5c4

  • SHA512

    ba8e10031773cb1a8502a732ff377889dc0439961274e4258892b4512411cc531a56c0764f55125e992e0a3a98c56e56991c173028555b3a95837456d470421b

  • SSDEEP

    12288:3O4rfItL8HPJq4XsL1kcyDkknJNk+ex0VllZgK7rKxUYXhW:3O4rQtGPJqVkcyLJNk+eiWK3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_df300491c8fd545c36f1945568db1945_mafia.exe (PID 4024)
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_df300491c8fd545c36f1945568db1945_mafia.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\7BF6.tmp (PID 4924, child of PID 4024)
      "C:\Users\Admin\AppData\Local\Temp\7BF6.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_df300491c8fd545c36f1945568db1945_mafia.exe 1EEBBB5C0158721334D117FE163853B7843A8BED3902685585B99FF239E197370E3A21C893CA3320CFC6E22EEFD0CE0FBF1D26C6FF8567D975E9D017AEF88F9E
      • Deletes itself
      • Executes dropped EXE
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 780)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3736 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8
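The tree above shows the behaviour behind the three signatures: the submitted file launches 7BF6.tmp from the same %TEMP% directory (the same 486KB size as the parent but different hashes, per the Downloads section), passes its own path on the child's command line, and the child is the process that removes the original ("Deletes itself" is attributed to PID 4924, not 4024). The Python below is an added example, not part of the tria.ge report or of the sample, that detects this parent/child pattern over Sysmon-style process-creation and file events. The event records are constructed here: the explorer.exe parent and the benign setup.exe control are assumptions, and the file-create event for 7BF6.tmp is inferred from the "Executes dropped EXE" signature rather than listed in the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcessCreate:
    """Process-creation record (the analogue of Sysmon Event ID 1)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class FileEvent:
    """File create/delete record (the analogue of Sysmon Event ID 11 / 23)."""
    kind: str   # "create" or "delete"
    pid: int    # process that performed the operation
    path: str


TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def find_drop_and_self_delete(procs: List[ProcessCreate], files: List[FileEvent]) -> List[Dict]:
    """Flag parent/child pairs where a process runs something it wrote into %TEMP%,
    hands the child its own image path on the command line, and the child then
    deletes the parent's image. Two of the three signals are enough to report;
    the tree in this report shows all three."""
    by_pid = {p.pid: p for p in procs}
    created = {(f.pid, f.path.lower()) for f in files if f.kind == "create"}
    deleted = {(f.pid, f.path.lower()) for f in files if f.kind == "delete"}
    findings = []
    for child in procs:
        parent = by_pid.get(child.ppid)
        if parent is None or not TEMP_DIR.search(child.image):
            continue
        signals = []
        if (parent.pid, child.image.lower()) in created:
            signals.append("executes a file the parent dropped")
        if parent.image.lower() in child.cmdline.lower():
            signals.append("parent image path passed on the child's command line")
        if (child.pid, parent.image.lower()) in deleted:
            signals.append("child deleted the parent's image (self-delete by proxy)")
        if len(signals) >= 2:
            findings.append({"parent_pid": parent.pid, "child_pid": child.pid,
                             "child_image": child.image, "signals": signals})
    return findings


# Constructed sample events, transcribed from the process tree in this report.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\2024-02-28_df300491c8fd545c36f1945568db1945_mafia.exe"
STAGE2 = r"C:\Users\Admin\AppData\Local\Temp\7BF6.tmp"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HEX_ARG = ("1EEBBB5C0158721334D117FE163853B7843A8BED3902685585B99FF239E19737"
           "0E3A21C893CA3320CFC6E22EEFD0CE0FBF1D26C6FF8567D975E9D017AEF88F9E")

SAMPLE_PROCS = [
    # Assumed launcher (explorer.exe, PID 4000): the report does not show the root parent.
    ProcessCreate(4000, 0, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessCreate(4024, 4000, DROPPER, f'"{DROPPER}"'),
    ProcessCreate(4924, 4024, STAGE2, f'"{STAGE2}" --help{DROPPER} {HEX_ARG}'),
    ProcessCreate(780, 4000, EDGE, f'"{EDGE}" --type=utility'),
    # Benign control (constructed, not from the report): an installer run from %TEMP%.
    ProcessCreate(5100, 4000, r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
                  r'"C:\Users\Admin\AppData\Local\Temp\setup.exe" /S'),
]
SAMPLE_FILES = [
    FileEvent("create", 4024, STAGE2),   # inferred from the "Executes dropped EXE" signature
    FileEvent("delete", 4924, DROPPER),  # the "Deletes itself" signature on PID 4924
]

if __name__ == "__main__":
    for f in find_drop_and_self_delete(SAMPLE_PROCS, SAMPLE_FILES):
        print(f"PID {f['parent_pid']} -> {f['child_pid']} {f['child_image']}")
        for s in f["signals"]:
            print("   -", s)
```

The match is keyed on the parent's image path appearing in the child's command line rather than on the `.tmp` extension or the `--help` token, so a variant that renames the dropped stage still trips it; the setup.exe control, which also runs from %TEMP%, produces no signals and is not reported.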

    Network

    DNS (all queries sent to 8.8.8.8:53; every one is a reverse PTR lookup)

    • 5.181.190.20.in-addr.arpa IN PTR (sent twice); response: no answer records
    • 202.121.18.2.in-addr.arpa IN PTR; response: a2-18-121-202.deploy.static.akamaitechnologies.com
    • 43.58.199.20.in-addr.arpa IN PTR; response: no answer records
    • 183.59.114.20.in-addr.arpa IN PTR; response: no answer records
    • 56.126.166.20.in-addr.arpa IN PTR; response: no answer records
    • 29.243.111.52.in-addr.arpa IN PTR; response: no answer records
    • 217.135.221.88.in-addr.arpa IN PTR; response: a88-221-135-217.deploy.static.akamaitechnologies.com
    • 187.178.17.96.in-addr.arpa IN PTR; response: a96-17-178-187.deploy.static.akamaitechnologies.com
    No results found
    Flows (remote address, host, protocol, bytes sent / received, packets sent / received)

    • 8.8.8.8:53  5.181.190.20.in-addr.arpa  dns  142 B / 157 B  2 / 1
      DNS requests: 5.181.190.20.in-addr.arpa, 5.181.190.20.in-addr.arpa
    • 8.8.8.8:53  202.121.18.2.in-addr.arpa  dns  71 B / 135 B  1 / 1
      DNS request: 202.121.18.2.in-addr.arpa
    • 8.8.8.8:53  43.58.199.20.in-addr.arpa  dns  71 B / 157 B  1 / 1
      DNS request: 43.58.199.20.in-addr.arpa
    • 8.8.8.8:53  183.59.114.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
      DNS request: 183.59.114.20.in-addr.arpa
    • 8.8.8.8:53  56.126.166.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
      DNS request: 56.126.166.20.in-addr.arpa
    • 8.8.8.8:53  29.243.111.52.in-addr.arpa  dns  72 B / 158 B  1 / 1
      DNS request: 29.243.111.52.in-addr.arpa
    • 8.8.8.8:53  217.135.221.88.in-addr.arpa  dns  73 B / 139 B  1 / 1
      DNS request: 217.135.221.88.in-addr.arpa
    • 8.8.8.8:53  187.178.17.96.in-addr.arpa  dns  72 B / 137 B  1 / 1
      DNS request: 187.178.17.96.in-addr.arpa
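Every DNS query in this report is a reverse (PTR) lookup to 8.8.8.8 with no forward lookups, for addresses in ranges commonly used by Microsoft services and by Akamai's CDN. In a Windows 10 sandbox that profile is typical of OS and Edge background traffic, and the tree above lists no network activity under either sample process, so attribute the traffic by process before treating these addresses as indicators. To work with the list at all you need the forward addresses back. The Python below is an added example, not part of the tria.ge report, that converts in-addr.arpa and ip6.arpa names to addresses and back, collapses the repeated query, and checks whether an Akamai PTR name embeds the address it answers for (it does, which is how the dotted names above were restored). The query list is transcribed from the report; the IPv6 branch is an assumption beyond anything the page shows.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed from the DNS section of this report: (query name, PTR answer or None).
# The three Akamai names are the report's values with the stripped dots restored.
PTR_QUERIES: List[Tuple[str, Optional[str]]] = [
    ("5.181.190.20.in-addr.arpa", None),
    ("5.181.190.20.in-addr.arpa", None),   # the report shows this query sent twice
    ("202.121.18.2.in-addr.arpa", "a2-18-121-202.deploy.static.akamaitechnologies.com"),
    ("43.58.199.20.in-addr.arpa", None),
    ("183.59.114.20.in-addr.arpa", None),
    ("56.126.166.20.in-addr.arpa", None),
    ("29.243.111.52.in-addr.arpa", None),
    ("217.135.221.88.in-addr.arpa", "a88-221-135-217.deploy.static.akamaitechnologies.com"),
    ("187.178.17.96.in-addr.arpa", "a96-17-178-187.deploy.static.akamaitechnologies.com"),
]


def arpa_to_ip(name: str) -> str:
    """Turn a reverse-lookup name back into the address it describes.
    IPv4: four reversed octets under in-addr.arpa. IPv6 (assumed case, not in
    the report): 32 reversed hex nibbles under ip6.arpa."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError(f"not a full /32 reverse name: {name}")
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32:
            raise ValueError(f"not a full /128 reverse name: {name}")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError(f"not a reverse-lookup name: {name}")


def ip_to_arpa(ip: str) -> str:
    """The inverse, from the standard library, so the two directions can be cross-checked."""
    return ipaddress.ip_address(ip).reverse_pointer


def summarize_ptr(queries: List[Tuple[str, Optional[str]]]) -> Dict[str, dict]:
    """Collapse repeated queries per address, keeping the count, the PTR answer, and
    whether the answer embeds the address itself (Akamai's a<o1>-<o2>-<o3>-<o4> form)."""
    out: Dict[str, dict] = {}
    for name, answer in queries:
        ip = arpa_to_ip(name)
        entry = out.setdefault(ip, {"query": name, "count": 0, "ptr": None, "ptr_embeds_ip": False})
        entry["count"] += 1
        if answer:
            entry["ptr"] = answer
            entry["ptr_embeds_ip"] = ip.replace(".", "-") in answer
    return out


if __name__ == "__main__":
    for ip, info in summarize_ptr(PTR_QUERIES).items():
        print(f"{ip:16} x{info['count']}  {info['ptr'] or '(no PTR)'}")
```

The round-trip through `reverse_pointer` catches transcription errors in the report's names (a reversed name that does not map back to itself is garbled), and the address-embedding check is a cheap sanity test on the restored Akamai names before they are pasted into an enrichment query.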


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\7BF6.tmp

      Filesize

      486KB

      MD5

      96cfd14f8011df808c52f12ddb423e17

      SHA1

      98b381468d52891fd97463dac8c2ee3d14e63bd1

      SHA256

      456f31dcd31e9196b8b27813ffe7518b9ebdec771e5dbe5e1c33fe5cfe46fb58

      SHA512

      ce832975e1f55aedc644763070e24da5add109f72612edaef6649079472df79ac789286e6d4ca284a3d6a233d0f76c102f32f8d406281d4261e77e2c20cfcfb4
