Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 05:27

General

  • Target

    2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe

  • Size

    535KB

  • MD5

    8b5fe14bc892e9ec6ef4c3d927547381

  • SHA1

    b651242f199d0929f41d1df451e406b97c242047

  • SHA256

    8d09fee926bdab3dc48b4859b5759db9c378132caf936f036edcd47b54d79a44

  • SHA512

    68c3c26144f5c499d46f77728bce16f4bf4e6cf0fb3e12ea3123215fe308670857198ba72955ec3f46e26e2ed2c04674ff6103e8d44538d1a495e3044c5ddad7

  • SSDEEP

    12288:si4g+yU+0pAiv+TXeK5F0YVBMtwPkVZWi91NZUxUlvjosTdcG93Dn:si4gXn0pD+LeQF0KHc1DXlvjRhFJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Users\Admin\AppData\Local\Temp\7CFD.tmp
      "C:\Users\Admin\AppData\Local\Temp\7CFD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe 29CBCBDFFF694453994CDDB9D887CF9B922BE1FF108CC08C230930495F6EB0E2590F04AB1A5909A764A791AE652B9240B9ACF50211D83B5A5903D12795026C3F
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:1880
      • C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
        "C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe"
        3⤵
        • Executes dropped EXE
        PID:1072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe

    Filesize

    255KB

    MD5

    b7fd76103054f562a11ce616d50a0611

    SHA1

    7473656e5a33b9ecc401985f917f65054bcbd16c

    SHA256

    aba5c0bff0442597ff8743b4fe7d28de945b78be01eb88fc4a95cadd1fbee409

    SHA512

    2a2996476dbfdcd50c39c08dc91a179eff4f016013707c9c0972c6e7a0e179b9da4fcff5e2d4d4883a31312bfefdb9a88d1490e1baaa4728a516c5c7f7bdfbd2

  • \Users\Admin\AppData\Local\Temp\7CFD.tmp

    Filesize

    535KB

    MD5

    0e7fe10c4a02f95c6728e5e1eaaa53cb

    SHA1

    66b18ed3a1e586bd81be404d865f05b05839cb65

    SHA256

    f2d1f9f50a0ecc1769006ad6e91129b3038e61e9a21da9d1dbf0d3266c7e836d

    SHA512

    384dc5b6c726630d43c4fab1638b963ff3356004808942d37d687ebf7be80b084ff3a7f59d3da06f9436f230b07a04731dc018fbd5c020d3c24e8a0977ab4678