Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-05...ia.exe

windows7-x64

7

2024-03-05...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe

  • Size

    468KB

  • MD5

    51249da0a47750cc3e6063e63f81541d

  • SHA1

    202620b3fb51542a11c77a9fad1375e2890e5c20

  • SHA256

    7c3866c8b7a49fef3fd9ef57a79fa7f939e0394ac68e051e70c477d4d12c13ca

  • SHA512

    aec405bade2023ca50bba3f2f56b8c1ff1e1361c086d593fdee6cef39b17bde685860caa7d0e1da88692c9a732a2702aa8e90bc46588ea5071c25094cb0d258c

  • SSDEEP

    12288:qO4rfItL8HGSMaePNoTxUY8ACMT//Oz6sJ0dF7bWmeEVGL:qO4rQtGGXae6xUjLkU6Q0PumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:224
    • C:\Users\Admin\AppData\Local\Temp\3B8D.tmp
      "C:\Users\Admin\AppData\Local\Temp\3B8D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_51249da0a47750cc3e6063e63f81541d_mafia.exe 7FEC937E8692770649C79DCEBCCE6511F05C03A9A4C2B6EBC53F0756B36AAFB3FC6129BE50EF60C2AB50911E83ABC48EB7D621D1DCFE81E55A9169493986C3FE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3448
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3440

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\3B8D.tmp
      Filesize

      468KB

      MD5

      59b2351b14dd9cc59b39c6704693c32d

      SHA1

      6059f92e41dc0ac796ea1ea91a8f49c5e45fd3c6

      SHA256

      916e3c9c31c4065e204119d7a4440f15e90261ce4bdbe2f4d47325257f147381

      SHA512

      f7525d176afc69d7b3cfbb7221aad0edb4a89096e7e73786c2d9cc853676e3e3bb369fdb09d2597cb25676dd40f4402febf81b41271c8d667be91e483333d70b

      Download Submit