Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

2024-06-11...ia.exe

windows7-x64

6

2024-06-11...ia.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 11:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-11_837715d5720f49e3c31c363df0f0dc38_mafia.exe

  • Size

    1.1MB

  • MD5

    837715d5720f49e3c31c363df0f0dc38

  • SHA1

    7ecb2c665f6b408d94330c7a83a04d3c3c39affb

  • SHA256

    ccf5fbef6b494e14ff74555796f905f53e43920435dd8ed793e9bba5b1831b48

  • SHA512

    209c299cb1647f83e0899f4c50c5a8b800d087c1864d0d47997f5d8cf802e66878e8f8959d4872a1e901f17749e4f006939ddf91d28b19142a0898c81022a7ea

  • SSDEEP

    24576:yRFJPpTsearbFq0kh8iQekla1ux1cnbIm6gQJgk870I:UpBYekla41cnbIm6gQJgk870I

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_837715d5720f49e3c31c363df0f0dc38_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_837715d5720f49e3c31c363df0f0dc38_mafia.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Documents\Baidu\Common\I18N\conf.db
    Filesize

    367B

    MD5

    e46baf145c3575f1322b90a7e65993b2

    SHA1

    b4eae699b04c3bc76a50a48cb248b8f279631f64

    SHA256

    d3277ed831064e72fa198e7f0ab7df8074e2209a1a9142acd17c64edcaf8ad01

    SHA512

    725dcdd09351f6cff97a1304a87e6b23e6a4e6a770a3bb7e9dd180859e834b811a8255e3ceccf01f07d78aeab17adccbc1d71d1a016618ea957fd83176520f97

    Download Submit

  • memory/2588-8-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download