Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-16...ia.exe

windows7-x64

7

2024-04-16...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe

  • Size

    413KB

  • MD5

    5e180d5327fbafe9059fb3c791fe9a77

  • SHA1

    5aea38ac8eb1bf15fb567480f8bca88d9c3f1e68

  • SHA256

    057ae3b998a657ea79e2462f0ad615cc2060634ee2c3e020cc00f07a3a69fc59

  • SHA512

    1d2b68587f31c12f80b19b649c4dc35c3e4d31a9ccd678ec725ed15b14b594db7d175e6e5c42911cae6e2f99c458e87bbcad6179b2f508f2166594f9ca065b24

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFS4y4sckcGykVnXfXpQjI10RzKBdqHg:gZLolhNVyEwyqk5zVXPKk10RMqHg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Users\Admin\AppData\Local\Temp\2BA.tmp
      "C:\Users\Admin\AppData\Local\Temp\2BA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe 9FCB80AF6A265E8CC65F56D05815A9A0FEDE0EAD1A1AD0B376D738AC33B5E4823B6E2E682AAFA54EC4FE366F5CBBE765306407A5B6181E3F3154B4605820523B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3852
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4336

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2BA.tmp
      Filesize

      413KB

      MD5

      3ea48f13ccf0ac87b7b1ffe2c7d93a3e

      SHA1

      9bf897784e3e874add21e1327dd7814e658eccee

      SHA256

      ec6ae53fb18613b8f1b7c19a4abb6324e05c7d77a1ba4345ed23d7475e2ebb3e

      SHA512

      fbab1caa1d357755266bb04577783cd1c57c39cc753bf527ce6ba1dbd22f4ae27f8f86071dc6ec5eaf579d3b3bf0ecff2f9b06cd75dc5e90a166ba8f84a47743

      Download Submit