Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-04...ia.exe

windows7-x64

7

2024-04-04...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/04/2024, 23:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-04_a46b82ef48a82527f8bb3daf62f54af1_mafia.exe

  • Size

    441KB

  • MD5

    a46b82ef48a82527f8bb3daf62f54af1

  • SHA1

    f76e6eadecdfd33ca8c87bc3e9fe05b2ebb23e77

  • SHA256

    f487aed324f172f90f80a653d6846f7bf574b4dd4ce9e93b9daa17dc7d2eebd4

  • SHA512

    73aa0858ee4f7bd4337b6abaea2091d2eaf0be9a17b1d9ecaae4d1213b2ce36471476550832d7c1299804f57414bfc0533380d4271ebd863f25a971bb208473a

  • SSDEEP

    12288:6i4ET7+0pAiv+ujvh0PVYM+PSWK+ZDjjvJbEnLYNe:6i4ETK0pD+6vOWBKs/jvJbEnLKe

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-04_a46b82ef48a82527f8bb3daf62f54af1_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-04_a46b82ef48a82527f8bb3daf62f54af1_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\49FB.tmp
      "C:\Users\Admin\AppData\Local\Temp\49FB.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-04_a46b82ef48a82527f8bb3daf62f54af1_mafia.exe A096AF77D6E81AAC879DFDF8C4F7D4759CED95E5C771A26BB2E3B87876425F54EDEEF3DC62AD5B8C2EEF417F41D11A417845873D63C01E44A61D11524A9B2BC1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\49FB.tmp
    Filesize

    441KB

    MD5

    f56a47e483a8c71593ccd24280c850d8

    SHA1

    9d3e11855b7242581855bf1a371fb1a9d3d3f3d1

    SHA256

    1e67bb648919e60c42e5d9a77b59010e5ed3dadf05b089aefd629ae0ba891190

    SHA512

    ed48ac8bd6aadb9814a0f5c79e111ab15dd0f9192f5eced816d2443698ce261b11523d76afbd515fcfd11c8f1dab5fe4a5e624ffb4609791260b5e698df8214f

    Download Submit

  • memory/2360-0-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2360-5-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2484-7-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2484-8-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download