Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-09...ia.exe

windows7-x64

7

2024-04-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-09_234c5545a85c0348eb0bebe9477aef2d_mafia.exe

  • Size

    384KB

  • MD5

    234c5545a85c0348eb0bebe9477aef2d

  • SHA1

    0081a78f1910fc7ec153beaab6664ded10195bbc

  • SHA256

    57517e7302ad5332536f39e4d1faa6d649f5703df7d738e535e2c66278c5a3d8

  • SHA512

    ef5ee7f5a134da76d93779b0882e5961ed6997492158261c9bbf8af8fd261d8e625e4b6c66d51b15c53e7f4313b2a1e829f167a86563c27b2522fe20d5a95003

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHMi2JOQ+ae1FFoJpntT+ciYe7s1ApPhp0bVEm9dP:Zm48gODxbz+ikOQ02ntyRvTpT/mrYUZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_234c5545a85c0348eb0bebe9477aef2d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_234c5545a85c0348eb0bebe9477aef2d_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\A8A.tmp
      "C:\Users\Admin\AppData\Local\Temp\A8A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-09_234c5545a85c0348eb0bebe9477aef2d_mafia.exe 9177E95C8C1AF1CB61B69BA8737DA644E84CC0DBBACAB1D79E02E53F7524B3DCAC8594F4093E73EF3CBC92D2A0A91F1ABFBE1A8E1E6B6FAFC1A7A3E2F4BA0A55
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2024
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1512

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\A8A.tmp
      Filesize

      384KB

      MD5

      9adfa37e1a3ea9a0f7059f12a539c43f

      SHA1

      1b01d8934f37189dd7d3171a13b51cdb5c466411

      SHA256

      9ca2e086db692a766716ed7f37372b6023f3075a17e3790240dd341e6c8fb73a

      SHA512

      297ee2d2a8d87f80d5775b92b17c821dee565c140bb20a688d57b07023e960c89f674ef2d381b18c18da296621713a21e7f3b148c3b677718afb02b69e367b6f

      Download Submit