Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/02/2024, 05:27
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
Size: 535KB
MD5: 8b5fe14bc892e9ec6ef4c3d927547381
SHA1: b651242f199d0929f41d1df451e406b97c242047
SHA256: 8d09fee926bdab3dc48b4859b5759db9c378132caf936f036edcd47b54d79a44
SHA512: 68c3c26144f5c499d46f77728bce16f4bf4e6cf0fb3e12ea3123215fe308670857198ba72955ec3f46e26e2ed2c04674ff6103e8d44538d1a495e3044c5ddad7
SSDEEP: 12288:si4g+yU+0pAiv+TXeK5F0YVBMtwPkVZWi91NZUxUlvjosTdcG93Dn:si4gXn0pD+LeQF0KHc1DXlvjRhFJ
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  pid   Process
  1880  7CFD.tmp
  1072  2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe

Loads dropped DLL (2 IoCs)
  pid   Process
  2256  2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
  1880  7CFD.tmp

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1880  7CFD.tmp

Suspicious use of WriteProcessMemory (8 IoCs)
  description                      pid   Process                                                  procid_target
  PID 2256 wrote to memory of 1880  2256  2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe  28
  PID 2256 wrote to memory of 1880  2256  2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe  28
  PID 2256 wrote to memory of 1880  2256  2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe  28
  PID 2256 wrote to memory of 1880  2256  2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe  28
  PID 1880 wrote to memory of 1072  1880  7CFD.tmp                                                 29
  PID 1880 wrote to memory of 1072  1880  7CFD.tmp                                                 29
  PID 1880 wrote to memory of 1072  1880  7CFD.tmp                                                 29
  PID 1880 wrote to memory of 1072  1880  7CFD.tmp                                                 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2256
   2. C:\Users\Admin\AppData\Local\Temp\7CFD.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\7CFD.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe 29CBCBDFFF694453994CDDB9D887CF9B922BE1FF108CC08C230930495F6EB0E2590F04AB1A5909A764A791AE652B9240B9ACF50211D83B5A5903D12795026C3F
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: RenamesItself
      - Suspicious use of WriteProcessMemory
      PID: 1880
      3. C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe"
         - Executes dropped EXE
         PID: 1072
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 255KB
MD5: b7fd76103054f562a11ce616d50a0611
SHA1: 7473656e5a33b9ecc401985f917f65054bcbd16c
SHA256: aba5c0bff0442597ff8743b4fe7d28de945b78be01eb88fc4a95cadd1fbee409
SHA512: 2a2996476dbfdcd50c39c08dc91a179eff4f016013707c9c0972c6e7a0e179b9da4fcff5e2d4d4883a31312bfefdb9a88d1490e1baaa4728a516c5c7f7bdfbd2

Filesize: 535KB
MD5: 0e7fe10c4a02f95c6728e5e1eaaa53cb
SHA1: 66b18ed3a1e586bd81be404d865f05b05839cb65
SHA256: f2d1f9f50a0ecc1769006ad6e91129b3038e61e9a21da9d1dbf0d3266c7e836d
SHA512: 384dc5b6c726630d43c4fab1638b963ff3356004808942d37d687ebf7be80b084ff3a7f59d3da06f9436f230b07a04731dc018fbd5c020d3c24e8a0977ab4678