Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-17...ia.exe

windows7-x64

7

2024-04-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe

  • Size

    2.4MB

  • MD5

    14d8c900ec33aee016a8c0877e0f1577

  • SHA1

    b07c8d59c64c0e22c2bddb18bac512fad46d493d

  • SHA256

    02b7cf6d81b1723d0153b24ffae8ef0e183ee98aa40b0b15e1b31527c3368cd4

  • SHA512

    7c48113c0183124848f05d148ac4ff1be7970d5a980633f8470ac206c221f066c54ad5a3e98ce01a515ebc2d8870a48e23b0afc087c2e8881534df9aa8c68f3b

  • SSDEEP

    49152:wW/0gqRwuMCoWn8iC2elj9hYe3qRNsrtGKT9hCHp1tVxNxrEh3S/P+hmBCSmsXVL:rCoW8iCRjcqqRNsr0715a3SuhmBdTlv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\jds259479707.tmp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\jds259479707.tmp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:1040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\jusched.log
    Filesize

    1KB

    MD5

    30428f942f0a9d112abb60cc0a24ab5e

    SHA1

    975248946dc2c02e21613b0f84a8b5c1288f5f7c

    SHA256

    485b68b2c07ba9132163b35b03941a160e547cbb95da754e37b49fd81e004793

    SHA512

    4715ed8d99dcaaf3dafa98a362018fde8b7b85c787fb39ebd48861101adab6f531c908497e6fa663d27647f10fef17b5abced069f98bc049c24d20bc32802970

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jusched.log
    Filesize

    4KB

    MD5

    100dd06263fabba0af1b20445e6d0dd5

    SHA1

    ce1ca13f757744f055a36a92633ef87924f26e94

    SHA256

    6b47cc548df2e82151202733f0a9a28de1cf49e2765487dc191a6993a4d7ffe8

    SHA512

    210963f1c1050968b5529f618a14891089facf10f512ec31ace94c8e6b5314d052348f9217503ad010f795394e7c3d4bcd6f848e34ab15f8db67d230aae4a8b2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jds259479707.tmp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe
    Filesize

    1.6MB

    MD5

    db617e33f27f294d96bfef2e0df21646

    SHA1

    febd62a7b905e1ecea0a366b5edd0839c54be1d7

    SHA256

    aaf107879a63277ab92317c24c0cb476e638483c628964de2b4ef1fbcc05c460

    SHA512

    9f600b80ccb9593ede90e901e9425fac77da9e4c924ef27b21cfe989cfb5839dcffcbf7292c0f465e123053a69a03750994f65597b43b47ae915a06942d5b430

    Download Submit

  • memory/2240-6-0x0000000000400000-0x0000000000670000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2240-175-0x0000000000400000-0x0000000000670000-memory.dmp

    Filesize

    2.4MB

    Download