Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe

  • Size

    412KB

  • MD5

    d483d66023011c4b7fa61a0a5ba81f5f

  • SHA1

    666faec8a6546d516debe410e4a64d99cc1d3d1b

  • SHA256

    4283780b9dc28a9fb9c7b40f9deea4e925b56d92ba32d9a36b799a20592b7944

  • SHA512

    0a022d3bd6ddc667c2c81e94ca62b14dbdc23bc150709cc8e069c0e6447411a994cd6723a2cba4f6a6854a48896b3b05c9d0c44969eaadf65e6c50fe138e40e9

  • SSDEEP

    12288:U6PCrIc9kph5uhme0fhXbQAAncolVZT60ue:U6QIcOh58WhLf4VZW0u

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\1BB1.tmp
      "C:\Users\Admin\AppData\Local\Temp\1BB1.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-27_d483d66023011c4b7fa61a0a5ba81f5f_mafia.exe 808EB8EBC868DB49007955C7A3CB999CFE9AFABE444596181918F77ED64F51FF50D0A6E241145135336028129D99517DFC429FB740CFB047091D47AD8462C0BA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4548
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1924

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1BB1.tmp
      Filesize

      412KB

      MD5

      9a8b21ce31aed5fa74559a3e32667a8d

      SHA1

      2e4ed15e2c0ced6ca8d1fe1d06e6a1c0e30c1f49

      SHA256

      5025f48bdb2efb7066671c7137c1225459a0e1640ba10713ca7d4cdc8036c339

      SHA512

      bad5c706dca2ac6ec03c2756ff28cee2ad05017f841dd4b1ae88481201483f1e8fff24de1220ec18da708b30df504b0b79700a13e7ab1224446be9a1f34ecdaa

      Download Submit