Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-10...ia.exe

windows7-x64

7

2024-04-10...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_dfc0c89ba18c97597ce621e9f1e213d0_mafia.exe

  • Size

    441KB

  • MD5

    dfc0c89ba18c97597ce621e9f1e213d0

  • SHA1

    3151f9fb8394b136073892500af13099ddf9e497

  • SHA256

    8fe8eb61f19c7ea755461ce5e42741e9962503888419508d74470d6bbdd6ecc1

  • SHA512

    79fe31e4072f509c2ae6827d3ebf5b2187cdc8c3896836dc168dd68f190b80d16097b787abec3a9142d7edecbb12cb788e534980ee2dccb4be379670cc76c017

  • SSDEEP

    6144:6ajdz4s4mDHq9OXpOd0p6Jiv+vtv0/m9NoxXIVImxEO7KaR9mLrGdlbvBX3y5ayg:6i4ET7+0pAiv+fWXeIYFztcaz+Jc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-10_dfc0c89ba18c97597ce621e9f1e213d0_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-10_dfc0c89ba18c97597ce621e9f1e213d0_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\61A8.tmp
      "C:\Users\Admin\AppData\Local\Temp\61A8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-10_dfc0c89ba18c97597ce621e9f1e213d0_mafia.exe ED330D76D284B2A18CBEF5F2BFC85FDC8BFF73C4198F1B6031C834E978C581013F22D1FA6707A470644A5C75D7E7EE9CD335368A359CDDB0C20527A1C7991B1A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\61A8.tmp
    Filesize

    441KB

    MD5

    199f829480bea9a09939fc0134823b6a

    SHA1

    69c713b1a218b68e66d679512878c413dff76ac2

    SHA256

    da1dd0d141861ff2c6c91723abaf0efe3e0d6d545817bff54a19f07ce8b4733a

    SHA512

    4586f6aa03f5ba321637e6ecaa19c5d84f4da492d7c38467b33fda1a502da6a8e76d2c1f89f7d1cff937e94c35ddb48c21d93bd68558cd311b9a29ed7464f828

    Download Submit

  • memory/2600-0-0x00000000009B0000-0x0000000000A27000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2600-6-0x00000000009B0000-0x0000000000A27000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3532-5-0x0000000000A20000-0x0000000000A97000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3532-7-0x0000000000A20000-0x0000000000A97000-memory.dmp

    Filesize

    476KB

    Download