7a87adb381b7e312636e71d63c412c807536e6bc12309101f139d83e9934c389 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-09...ll.exe

windows7-x64

7

2024-03-09...ll.exe

windows10-2004-x64

7

Sharing

General

Target

2024-03-09_56ae159db30d3c9e1e05fa5c890df4a3_mafia_stonedrill
Size

387KB
Sample

240309-gdeshadc53
MD5

56ae159db30d3c9e1e05fa5c890df4a3
SHA1

582c101e2c2eadcbdc49172d13adbca707aa02c4
SHA256

7a87adb381b7e312636e71d63c412c807536e6bc12309101f139d83e9934c389
SHA512

5cef420aab2bdc9e9d612d92b964bd9273449c18521952cc9f5c2f0c80b547adff4b791bf6f09459b685e71181dc5e88cbb598ad13e119ce85f3df654eda4620
SSDEEP

12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sY204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sp

Score

7^/10

persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-03-09_56ae159db30d3c9e1e05fa5c890df4a3_mafia_stonedrill.exe

Resource

win7-20240221-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-03-09_56ae159db30d3c9e1e05fa5c890df4a3_mafia_stonedrill.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-03-09_56ae159db30d3c9e1e05fa5c890df4a3_mafia_stonedrill
- Size
  
  387KB
- MD5
  
  56ae159db30d3c9e1e05fa5c890df4a3
- SHA1
  
  582c101e2c2eadcbdc49172d13adbca707aa02c4
- SHA256
  
  7a87adb381b7e312636e71d63c412c807536e6bc12309101f139d83e9934c389
- SHA512
  
  5cef420aab2bdc9e9d612d92b964bd9273449c18521952cc9f5c2f0c80b547adff4b791bf6f09459b685e71181dc5e88cbb598ad13e119ce85f3df654eda4620
- SSDEEP
  
  12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sY204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sp
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.