Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-26...ia.exe

windows7-x64

7

2024-03-26...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe

  • Size

    486KB

  • MD5

    f8322fe3edee5d6028c6b908f896c286

  • SHA1

    d37ee0177a29048a9568f862e530245930dca497

  • SHA256

    744ca54e927d284bee875c14385478b9175c03a1f760cb9cd253844df2eefa0e

  • SHA512

    f51cb553f93e8599fb9972e222d5f7ea5df564ee2d812b5289c59534bf559a422bc3d601762b6068700ab73f1af38b05de81aefb3ad0f749910b7493b85d25c1

  • SSDEEP

    12288:3O4rfItL8HPgwAGO//3X0Pzvsqrue7rKxUYXhW:3O4rQtGPFA/HO0q33KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Users\Admin\AppData\Local\Temp\C081.tmp
      "C:\Users\Admin\AppData\Local\Temp\C081.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_f8322fe3edee5d6028c6b908f896c286_mafia.exe 2B42FB4A923714F020F9FB7D2D492B827AA70806F3ACD82F307C614D42637370607F25F6D47C16C41F907D6869FD5C32CF1D2EABB2F0BD42557D0E5C5BBDE823
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3176
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2192

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\C081.tmp
      Filesize

      486KB

      MD5

      4477a136ab1f4a9d588387e1e2ec0fc8

      SHA1

      02f026edd937970cbe2a179956b4917274e11879

      SHA256

      3cfda4cf86e928893543b84a5173b6519f2c269ea7d44b7bafde4c6579df9b11

      SHA512

      8ba52ccfeb5be0950cd9a873b423091d596ee1c03865ff925db947cd6efeea317a2e7c90397863ebf738af1dbfc031c9069d4171d1a0734de406758b93648dc8

      Download Submit