Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-06...ia.exe

windows7-x64

7

2024-04-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/04/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe

  • Size

    448KB

  • MD5

    9f28677ce9777597f0b5e4b785b24346

  • SHA1

    0349ad0b0200e5a2fc35849131617dae8b58e4a1

  • SHA256

    6fd3d7d2d84865948687ce7f0f2e5471dd1f5f4fb32dc8465a6690a3005d8bed

  • SHA512

    4f71e3a68a5d5879c8a99a45cb8bd5f8a38b958ffde901072c5cdbcb15486b3184b3868f35d996bebbea21430d1132f1d2d74598e5f3ed86f27db1336371c004

  • SSDEEP

    12288:lb4bBxdi79LxfYYczgcCO7rPlYEUik39haw3tHu:lb4b7dkLI/7rPlYUEaQtHu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:696
    • C:\Users\Admin\AppData\Local\Temp\51D9.tmp
      "C:\Users\Admin\AppData\Local\Temp\51D9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-06_9f28677ce9777597f0b5e4b785b24346_mafia.exe ACFB39EAD6CD8885C99E04649554CE7053D552F86CDB7D95AFA7AF2D53EAC145C51CEF21C0C277DFC4451B467F18E54C929DB756EC5631AA37E3081617A7C8C1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\51D9.tmp
    Filesize

    448KB

    MD5

    59cebf153184c90e070644aa721eea10

    SHA1

    ced6a112d4b9f6e2b5831043d4cbed2486bbffac

    SHA256

    3b13ed143c1c8d030c8c86cf51ebd123d8e1942a195a077925d8fb589d89d11d

    SHA512

    949d2d3d7e570eb2ac42782abb9f856e5f9a0a10ad9e2412aef218d12f1f8fbfd6bd6e26c15e660f9889025ea117dcfc2aec2f48a27dd0ecc9b28e35d36b24a6

    Download Submit

  • memory/696-0-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/696-6-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2068-5-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2068-7-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download