Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-06...ia.exe

windows7-x64

7

2024-04-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/04/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe

  • Size

    448KB

  • MD5

    9f28677ce9777597f0b5e4b785b24346

  • SHA1

    0349ad0b0200e5a2fc35849131617dae8b58e4a1

  • SHA256

    6fd3d7d2d84865948687ce7f0f2e5471dd1f5f4fb32dc8465a6690a3005d8bed

  • SHA512

    4f71e3a68a5d5879c8a99a45cb8bd5f8a38b958ffde901072c5cdbcb15486b3184b3868f35d996bebbea21430d1132f1d2d74598e5f3ed86f27db1336371c004

  • SSDEEP

    12288:lb4bBxdi79LxfYYczgcCO7rPlYEUik39haw3tHu:lb4b7dkLI/7rPlYUEaQtHu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Users\Admin\AppData\Local\Temp\5956.tmp
      "C:\Users\Admin\AppData\Local\Temp\5956.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe 38473DD33047848C336EFA5D87C33D1039CB1372BDFAEB737939B81E71892EC095A707ECBCFAC6F692E6FC4E57D88E4E9240C388B5D9F44E0D97B4D64F46F71B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\5956.tmp
    Filesize

    448KB

    MD5

    8c62dfde07cca5b7338cb07b8af2ba50

    SHA1

    16bd766059596b12c4e51b4b516badf5cbea3319

    SHA256

    351a14c374a11fa293a17a710a591367862c766005e3edb740a2290724c61bef

    SHA512

    a38522d58f5861f8a953a1d2a8f34926669f8d9aba46b1e96dd2d4eaa51f8e0f09dc18272e3e141c676a012343a6c3bb2cf403d25201acbd72420389de0e8196

    Download Submit

  • memory/2160-0-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2160-4-0x0000000000380000-0x00000000003F9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2160-7-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2532-8-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2532-9-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download