Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_b73960db0f36c55342168205f2551b10_mafia.exe

  • Size

    448KB

  • MD5

    b73960db0f36c55342168205f2551b10

  • SHA1

    4707da88502e4dd3fc2031c4143282f631cc9e51

  • SHA256

    3df5640326ed5fa58cd2c3411c5d40e31dc20feb2b8170b4fb894a267a05bfd0

  • SHA512

    dc7aac93f69b65d3aaa9ce2c4c2483d3a34ae595cd30f72f2d55f164ebddc493763d1e37a6fffa04a049275b11343164112ba61b7f5feb2864222dd5546c6eee

  • SSDEEP

    12288:lb4bBxdi79LHKwwI2OehEN2W/4B+n5VcS0jA4:lb4b7dkLHKnIZ7N2WgBETv0b

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_b73960db0f36c55342168205f2551b10_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_b73960db0f36c55342168205f2551b10_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Users\Admin\AppData\Local\Temp\731D.tmp
      "C:\Users\Admin\AppData\Local\Temp\731D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_b73960db0f36c55342168205f2551b10_mafia.exe AC0F7F2849C32DD5CB960738F299668ED2AABFF348083E342E4792410CD8E745B614FB5704C05F9D9F23BE750B02B58F5E46CD86BFD301E08E036BB36C188259
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\731D.tmp
    Filesize

    448KB

    MD5

    2c13faf62d5272679e60c62fa9e2434c

    SHA1

    7c0c6bfd8219ab1cfa4bf5d4cc605ced0050e85d

    SHA256

    e2e74813d930420cc8bf5e99a7b64c04f1b9bd2611c94da88029b4811db47b32

    SHA512

    c441fd9b2d036cd343162669232077af9b604cddc3466ea4a4234842cde03eb69b453ff0997869bc7a2f4c862f138bb6e99dd9f5838cae523d1346e935b7dfae

    Download Submit

  • memory/2868-4-0x0000000000760000-0x00000000007D9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2868-7-0x0000000000760000-0x00000000007D9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4368-0-0x0000000000140000-0x00000000001B9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4368-6-0x0000000000140000-0x00000000001B9000-memory.dmp

    Filesize

    484KB

    Download