Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-18...ia.exe

windows7-x64

7

2024-03-18...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe

  • Size

    468KB

  • MD5

    a4de8b495f46d745ce6517a4e1946510

  • SHA1

    68403dbe7ffa87ee70bf87e0699d49c724b86cb1

  • SHA256

    a892c52c0cbb353b91a206dba02cdc575981156c85143e9e3029a623c3581104

  • SHA512

    eb874e300cde2673bd591d1faba86255221c67a0c2d035cf618b6d4ea0b19bf2ccab417f716ec767447a1c0613d5ec7e864a985f6d7c8a9126f82201d6e304ec

  • SSDEEP

    12288:qO4rfItL8HGPS+/5XvXkMica2Xlb4i7bWmeEVGL:qO4rQtGGPLkMicpBumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Users\Admin\AppData\Local\Temp\EC73.tmp
      "C:\Users\Admin\AppData\Local\Temp\EC73.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-18_a4de8b495f46d745ce6517a4e1946510_mafia.exe 77DA93A1563CEE2CD668B1737F92363A54E13A18FCF4AB7C079BA8F8F92861917BF4A6873ED3217FE1461DFF8B13B92B0ED2B9B4325DAB74801A14A54FBB1E05
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2280
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1444

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\EC73.tmp
      Filesize

      468KB

      MD5

      cb2c7e2523165b8be19d06aeb1aa95f2

      SHA1

      344cfd05ae020b55473f72c1a091c4d4f0d5270a

      SHA256

      4acc82e87c304cd3bc91ec9d432e65063042e18f825bbde59d9382d0357b5029

      SHA512

      02aaab96bd243ba44cda0847737eb4d0ad72901ae5d183eef7a90ab58f7c3cd2da0671afc56000e4bba4ec2d8365d495dbee7abd43b27a21562f6ef046d93bec

      Download Submit