Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-05...ia.exe

windows7-x64

7

2024-03-05...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_87090591d631c950b4a4f69981cd1a82_mafia.exe

  • Size

    433KB

  • MD5

    87090591d631c950b4a4f69981cd1a82

  • SHA1

    805a9bb35d8e9f5ba3f4dcfc778f286ed98da417

  • SHA256

    860409b0b022a495950f9dcef0da239f6f8be02423b8e51f4f0c31ffa4137d2f

  • SHA512

    853f9347475b5214d16c975e18949cbe8e470a9b143b8784afee00217486364a0972666a66bd8e6e53c4ae70eabc3934a714bbd05e8a727f3f1f7e27ca2d6d51

  • SSDEEP

    12288:Ci4g+yU+0pAiv+S1BzpPgl/tMiq0k7/8TCxn:Ci4gXn0pD+S1Bzw/60k7/QCJ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_87090591d631c950b4a4f69981cd1a82_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_87090591d631c950b4a4f69981cd1a82_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\6467.tmp
      "C:\Users\Admin\AppData\Local\Temp\6467.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_87090591d631c950b4a4f69981cd1a82_mafia.exe 82F624E115F21F47C7E4190630E52FC419796E8AD7D5C8FCCE0BC9871C2A15CADB1EC08CB8DA042B7C02525ABA37B0783A879CDD974851E8B9959508C26F14CF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4796
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2260,i,9938964625802268469,1928462186077019554,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4376

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\6467.tmp
      Filesize

      433KB

      MD5

      7bfdb3df331edc750903852b59368f5f

      SHA1

      b71b9a27b4ac3c302ccf81d4cbf2b3afb68ff5da

      SHA256

      8c730e4cc159333dfb81cb63faf1a8850df416cf7d62eed2a51e034785d0a53a

      SHA512

      6968ff89bcc1dbcc1461ad5e45bf42f428134bb4dc0ad13f924b9bd30b1e2f65c22b829404c5f86001086a1448e76dbab9815a23999655f77c50f2daf652b69e

      Download Submit