Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-17...ia.exe

windows7-x64

7

2024-04-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe

  • Size

    2.4MB

  • MD5

    14d8c900ec33aee016a8c0877e0f1577

  • SHA1

    b07c8d59c64c0e22c2bddb18bac512fad46d493d

  • SHA256

    02b7cf6d81b1723d0153b24ffae8ef0e183ee98aa40b0b15e1b31527c3368cd4

  • SHA512

    7c48113c0183124848f05d148ac4ff1be7970d5a980633f8470ac206c221f066c54ad5a3e98ce01a515ebc2d8870a48e23b0afc087c2e8881534df9aa8c68f3b

  • SSDEEP

    49152:wW/0gqRwuMCoWn8iC2elj9hYe3qRNsrtGKT9hCHp1tVxNxrEh3S/P+hmBCSmsXVL:rCoW8iCRjcqqRNsr0715a3SuhmBdTlv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Users\Admin\AppData\Local\Temp\jds240607890.tmp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\jds240607890.tmp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\jds240607890.tmp\2024-04-17_14d8c900ec33aee016a8c0877e0f1577_mafia.exe
    Filesize

    1.6MB

    MD5

    db617e33f27f294d96bfef2e0df21646

    SHA1

    febd62a7b905e1ecea0a366b5edd0839c54be1d7

    SHA256

    aaf107879a63277ab92317c24c0cb476e638483c628964de2b4ef1fbcc05c460

    SHA512

    9f600b80ccb9593ede90e901e9425fac77da9e4c924ef27b21cfe989cfb5839dcffcbf7292c0f465e123053a69a03750994f65597b43b47ae915a06942d5b430

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jusched.log
    Filesize

    155KB

    MD5

    4a050d4d508f78e83878c990f10ade93

    SHA1

    d229243434a89ff778c4a503203d3b01db955336

    SHA256

    5fe6623fb5a3c9a084aaf16a97f181023b57e0a3a6c994867e4e556688f8cb3c

    SHA512

    869ab645a71e50f2578ef9d41de5e8b039801c6e7f5a32b3413b09314673fb4e4d1521b90acffa99214d5b65602d7529ff9b89371eac70db485f7f24b3f1face

    Download Submit

  • memory/1852-0-0x0000000000400000-0x0000000000670000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1852-116-0x0000000000400000-0x0000000000670000-memory.dmp

    Filesize

    2.4MB

    Download