Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-28...ia.exe

windows7-x64

7

2024-03-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-28_50965dc678cb0e0878aec5f86081298e_mafia.exe

  • Size

    448KB

  • MD5

    50965dc678cb0e0878aec5f86081298e

  • SHA1

    8e4c9012bc77b2ab7c2b31c26d8a85a47049a48b

  • SHA256

    aad15c79b4cf9ef2c89d13f07ffdf9193061acb1f30eb86878bb64d748693488

  • SHA512

    0ab6675784d133be6b5430030992c78211ab41029328aa870dd182267818051ab28fe1b6302654c741b336c2f128db281585710dee739e4a388916ba1ec93972

  • SSDEEP

    6144:3FrJxvldL4c5ONK1tgRbd1s79+i5+B77SwfVBTAfX6IQ8E5iwRSx5GEHLAEX1JYW:lb4bBxdi79LWffTw6kySXHLjPaxowSyS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_50965dc678cb0e0878aec5f86081298e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_50965dc678cb0e0878aec5f86081298e_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\1536.tmp
      "C:\Users\Admin\AppData\Local\Temp\1536.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_50965dc678cb0e0878aec5f86081298e_mafia.exe 3FB43BC4F939F0DDD931CBDEA8A165628267820E689266CEC9B4F09BF4984BE4647EB203D9E00E2D891B60E1C753626875178A59CA43A513C0DA07527E944537
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1536.tmp
    Filesize

    448KB

    MD5

    9fcf8f914aac6d87fa7ecb9feb0bb386

    SHA1

    073e976e486bb913422f683f47f8c3ca749e8b67

    SHA256

    aae3502e1ce78c136633a6cd282309412b776f30214e2c663fbecae481f7c603

    SHA512

    afd082d8f1e051e1a750d1f23ac322d6143b0b69713b9d060394c9eb3a745a6eedc3ea7c1486fe69ef30c6c20e7d29e5f69c053aa0a5f19769480925ed330279

    Download Submit

  • memory/2632-6-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2632-7-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3028-4-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download