Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-08...ia.exe

windows7-x64

7

2024-04-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2024, 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-08_b007edc67ca9b27d4b32aaa9704f3ca7_mafia.exe

  • Size

    448KB

  • MD5

    b007edc67ca9b27d4b32aaa9704f3ca7

  • SHA1

    d51ca2719978f14ca0498457678fa4816b391225

  • SHA256

    02800c94907833b7c3ba3566a283e353071eb9f692f77b48204cc51ffefb62d9

  • SHA512

    a1519e9e663c282ff03c36c2f6676e627e0faa5871ee1e37ac14f11cf97480900c5d30c9dd190fe4e37478d1718eacd40232baca4fd675711d16c56b2b0c7c56

  • SSDEEP

    6144:3FrJxvldL4c5ONK1tgRbd1s79+i5+6Gtj8U8Mjd3OAW+1tJQ3zTIznnpG/qWjrN/:lb4bBxdi79LMV3u3nknpg/6mQrdM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-08_b007edc67ca9b27d4b32aaa9704f3ca7_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-08_b007edc67ca9b27d4b32aaa9704f3ca7_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4072
    • C:\Users\Admin\AppData\Local\Temp\3F4B.tmp
      "C:\Users\Admin\AppData\Local\Temp\3F4B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-08_b007edc67ca9b27d4b32aaa9704f3ca7_mafia.exe A0D905CBD5A5B3B7E6BCB7E643FA0360042C0CCB9068B296CD157BB656BD22CC825CD2B558ABD887028FB4BA387FFA2A4F0698FCB10AAB942655D5C741E3E00A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3F4B.tmp
    Filesize

    448KB

    MD5

    2c185a2fe87cf8c90078db790e6f3baa

    SHA1

    397149073285bb5ebbcbd4bb73379ff6e857287a

    SHA256

    02931fd5456a88c60269aae489477e85f81bf2d71c1d6b15226977cc70fe270e

    SHA512

    789b197e2c0bbb42d09227d25b1dcb968e3d0d003fa301ebbd46cdd2dc00bdd45b31d35fccfce743edd6274d3aec3e45d07b667f99110ba0239cabd9df856614

    Download Submit

  • memory/1616-4-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1616-7-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4072-0-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4072-6-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download