Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2024, 01:43

General

  • Target

    2024-03-08_8f303194505a2d82efc89674946843dd_mafia_nionspy.exe

  • Size

    344KB

  • MD5

    8f303194505a2d82efc89674946843dd

  • SHA1

    02441b79c2d46b6691ca68c1e8d63b5419c74cfd

  • SHA256

    e238beefddce71ef690d2c518121dad1cb301de4037cbcc102a24a4948c7ca9a

  • SHA512

    ed963cc080382a2f811b8636452a839fa3dcb953f73c0ae18ba9302e7f5972402c2f456fc61b80593c7e920c7fd43b4c7d6499f9381d87dd630ad4e2100d9142

  • SSDEEP

    6144:VoTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:qTBPFV0RyWl3h2E+7pYm0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-08_8f303194505a2d82efc89674946843dd_mafia_nionspy.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-08_8f303194505a2d82efc89674946843dd_mafia_nionspy.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Roaming\Microsoft\SView\lsassys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SView\lsassys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SView\lsassys.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Users\Admin\AppData\Roaming\Microsoft\SView\lsassys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SView\lsassys.exe"
        3⤵
        • Executes dropped EXE
        PID:2608

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Roaming\Microsoft\SView\lsassys.exe

    Filesize

    344KB

    MD5

    b53c9035c6783439283fd618a53ab00d

    SHA1

    8b9227c26d927caf9513ec20755014461446e2e6

    SHA256

    0065838fea1cca0f05ff37a86ea501d947312d26b15e26797c8f5696f8bf9e83

    SHA512

    78cda0209175e1d82643f784f4816ad0553a4ad46fa8587085f1cf9328f0bf520eae317c4f8ecf222d3e682d1dcddd29b5a8b228f8a5226b61298ebc3b38d361