Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-26...ia.exe

windows7-x64

7

2024-03-26...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 09:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_bb13ac19328bd10d64ffb03c2431c4d4_mafia.exe

  • Size

    433KB

  • MD5

    bb13ac19328bd10d64ffb03c2431c4d4

  • SHA1

    47ba2703e7cc0e10907c51fa81ca6c9abfea4a99

  • SHA256

    79aea6cea3221e2a8d3514c2729d836921c37fee8725960d94a51d2445e633e3

  • SHA512

    348d7ca8daf24d7e2b6b4a68738dcfda8499ab850ed0a8da1dac84c8597a5f653ec33b98f63578f07674359380f2b4c0e18ae2d1feb4b7612c4310b159e36f9f

  • SSDEEP

    12288:Ci4g+yU+0pAiv+b/PJMde6FOaeOK+5GlyoHjpwn:Ci4gXn0pD+bJuB8myG

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_bb13ac19328bd10d64ffb03c2431c4d4_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_bb13ac19328bd10d64ffb03c2431c4d4_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Users\Admin\AppData\Local\Temp\829D.tmp
      "C:\Users\Admin\AppData\Local\Temp\829D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_bb13ac19328bd10d64ffb03c2431c4d4_mafia.exe 26B1960D1E395CD50BD428AD86C752C999DFE295FD15519B4C1F71C80AEF85A0AEB6C91579A300340772EE4B97344D522AB23972CEF735BB6BCF34600F03E47A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3700
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4372 --field-trial-handle=2244,i,11986678581565715302,451159359636456336,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1380

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\829D.tmp
      Filesize

      433KB

      MD5

      b0feb878f3b5810ca8325a27e9410ede

      SHA1

      b75677d0d712ec060a1d5f986b7bd6d44972a66f

      SHA256

      5577ab2fda856d6bf6a1a538a9c0735b56364a081d9a7c929e46b8f51f742151

      SHA512

      1a9e735c363745e9cf912873c93a1854ba569753d0a88454ef84d76b5b36774dc44ff7a4e6194613f99d5d882b5327798aae8ed2a3f9b2b10bb4c052688c1dbb

      Download Submit