Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-02-29...ia.exe

windows7-x64

7

2024-02-29...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/02/2024, 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-29_7c5ae7781656a6ed42a3c5d55515218e_mafia.exe

  • Size

    414KB

  • MD5

    7c5ae7781656a6ed42a3c5d55515218e

  • SHA1

    e503c7438e5fd232660b52dfe97a776b0ee74148

  • SHA256

    1bf2da319a0669fea40fc6c0f852e09100840a169cca152eb96475960513abd5

  • SHA512

    2ad1b4fe3d7197db1c2d176abb37d86f3265d4bf2eb2ea3aa59d460f08b64fc639faec1df17477c1cd55e1ab296d6cda7b271e2f21900dfd769bed711be5efa4

  • SSDEEP

    12288:Wq4w/ekieZgU6lGdbXx8YLJY8Vt3h8WKglx:Wq4w/ekieH6lkXxv/Rh6gr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-29_7c5ae7781656a6ed42a3c5d55515218e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-29_7c5ae7781656a6ed42a3c5d55515218e_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Users\Admin\AppData\Local\Temp\F24F.tmp
      "C:\Users\Admin\AppData\Local\Temp\F24F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-29_7c5ae7781656a6ed42a3c5d55515218e_mafia.exe A1CEB1FF0A57537A169B0F9F15FFC146CE59CA567EB20E2E5B00E61B75C5822EE064C8ABCC70340D3B9297C9A0B5B8CE26FD0C7BBC0C3812DAC15DEFE32C24FE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:856
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2208 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4068

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\F24F.tmp
      Filesize

      414KB

      MD5

      7978c9032d75dfa6eb172a6d0726fac0

      SHA1

      cbe9b2a0b56c0443bf9463aff48b14e338e2a0f8

      SHA256

      745932c2f0bbce4be43a806ce15548f46ce2a6bc9d035b88b62eb5140e6a7442

      SHA512

      8bde105d7b19b25402475f5d002f9730bfae3ea252bd5a9324b81d12929cf64e61d9a16ee9152ed82a576d6c4202c4a0d3d0b271ee71b4bca4f26e1b8e1e6589

      Download Submit