Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_7f6085cac46b319a3c1de82b690dac4d_mafia.exe

  • Size

    436KB

  • MD5

    7f6085cac46b319a3c1de82b690dac4d

  • SHA1

    50f132edfb8b750e05478001fe54bcb551198d95

  • SHA256

    aae934a07ca23ee81b51a641ef4d57efd8e45ce53d1ac089b21fae0b905deb25

  • SHA512

    bf27d631074e85fe3530f3ef248f8d5fe117f2ca230973be1cc0926150716f5c137358d760a8b379eccc4fcb023affb880ab85941abe0064bab898c5509ba67c

  • SSDEEP

    12288:aO4GfBtL8HPSvN6hOAzWl8J8FMj69adoJ8FH738rK7X:aO4GZtGPwNkVWurcadoaBQrw

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_7f6085cac46b319a3c1de82b690dac4d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_7f6085cac46b319a3c1de82b690dac4d_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\8A74.tmp
      "C:\Users\Admin\AppData\Local\Temp\8A74.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_7f6085cac46b319a3c1de82b690dac4d_mafia.exe E615295FF426F5681E90D12751126B2D0A705DB813B4BF24564F78D95D4424FFC4B257123C99B3C22025BAB8E6158D0012EED54D3B3434B556880542CDE2663D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8A74.tmp
    Filesize

    436KB

    MD5

    5cee90b051d9326202b1f219abd557b8

    SHA1

    ac0f1969d2f85b94a1820a44adb94643b52a38d0

    SHA256

    474c32a6e040e526fab463700fb7ebee46cb3d4b0a1c2dae60bd180c792a5c55

    SHA512

    5325073b8ecc928d1ab0ac9f0a5a3f810fbe52d21290595e542dfa15f22b414fff2cdcae9ba7c75f0c31195029677c17d7fb621e3d154c6346bc77545dc0aa8d

    Download Submit

  • memory/2344-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2344-6-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2344-5-0x0000000000270000-0x00000000002E6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2984-8-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2984-9-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download