Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-16...ia.exe

windows7-x64

7

2024-03-16...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-16_574d3b22763903f1ea6bb36d4b005a66_mafia.exe

  • Size

    476KB

  • MD5

    574d3b22763903f1ea6bb36d4b005a66

  • SHA1

    dea1a30816ab9a1ebaa3a9c9d057582b3579ca45

  • SHA256

    a33f200b5bf5a972f3878ade987e98b76675e9a1ddd6e4948467cb305ae7332a

  • SHA512

    0a1d709f913fd2bad9f87992bc6f8542bf75a5a564f5d0eaf46486623bbfd9bff14aa3c6aa565ed29e5c5c39a7359eddd05f1f68c34a087bd8f44c97e0bf7e7a

  • SSDEEP

    12288:aO4rfItL8HR+sRc9XWUjAoyTo2GphPxwloSO7K9wlsDpVFd:aO4rQtGR+siFWU8LE2GpjEE+9wlsDpVT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-16_574d3b22763903f1ea6bb36d4b005a66_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-16_574d3b22763903f1ea6bb36d4b005a66_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\27A7.tmp
      "C:\Users\Admin\AppData\Local\Temp\27A7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-16_574d3b22763903f1ea6bb36d4b005a66_mafia.exe A384466BF63040355A23A508F565F618FDBA4081DDE10E6F12E0017618188344E781FC35E3DAB684521438EEF76CB9DABFE40107C08C2295D6265B11EAC25B05
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3460
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3900

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\27A7.tmp
      Filesize

      476KB

      MD5

      32e45c8e4141c549f5b6a5635351064c

      SHA1

      ef7ca6d411b44c71fedb68b22d353fbab42b02e1

      SHA256

      e291de7c1ca971cd8cc232fa8732dcfc2e55b1396b31987e748f3c322544425a

      SHA512

      66fc40d8c2792bd3e49b6a143ca3b684ebc8b8ea259d6e9855a6daf56af785002fc6e1bf9f7856ec382a925018d9f7b1ebcd4fe13622d287e0d6c10ddd9fd986

      Download Submit