Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-17...ia.exe

windows7-x64

7

2024-04-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_1bcbc00bf6ae1670dc0715109d5dc4af_mafia.exe

  • Size

    468KB

  • MD5

    1bcbc00bf6ae1670dc0715109d5dc4af

  • SHA1

    f9cccf0b443f8128293d5fb881b6ccac255a8c7c

  • SHA256

    b560dc0c93d0b96c4039af3fdbde6b300dc81528cf8e01ba37fd6e0daf1cfcd6

  • SHA512

    2d3b8f14a424df2780916a798f4efd1fb15aa5b1a503cd6eac269f7feeb0b07ed088610114d8a7d43779f13c8b8aecf0aba8d491ee5f287fb913f1ecf9be28c1

  • SSDEEP

    12288:qO4rfItL8HGvfVl0b0Yzrht5x5bs/vU04YpcPlhbG2XH7bWmeEVGL:qO4rQtGGHVSzH5xlSM9YolhbG23umeEk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_1bcbc00bf6ae1670dc0715109d5dc4af_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_1bcbc00bf6ae1670dc0715109d5dc4af_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\AppData\Local\Temp\F26E.tmp
      "C:\Users\Admin\AppData\Local\Temp\F26E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-17_1bcbc00bf6ae1670dc0715109d5dc4af_mafia.exe 013ACD11BADEFB243FC3C328CC251CFF8D42165399EB4506D73C4B4266013453E52F298971A298345706BAFE793EC8C3D2D203996D1148156C6A5B0A91BB054C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2404
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5048 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2072

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\F26E.tmp
      Filesize

      468KB

      MD5

      85239ab6d5a8cf0b338f6eec5a04756b

      SHA1

      a6420fb99fb57a3ce475ec4468d1f32e1e0da063

      SHA256

      3511c74006146cb6da7519dc07918d770c0378f4ce337e20eeae4c820a6ca0cd

      SHA512

      ba9d2b1694b79cd2fb499317a94e0d06df91a104546b7b7e774e1d7e6b7842562e2b29c78d8d963dd0de16c52cbe6bd3622447ccc66584c60dc77e43488dac78

      Download Submit