Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-06-24...ia.exe

windows7-x64

7

2024-06-24...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 04:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-24_23780e7dcdc15c400a6e5abb0b9abc16_mafia.exe

  • Size

    334KB

  • MD5

    23780e7dcdc15c400a6e5abb0b9abc16

  • SHA1

    806916f75bf5d614f021b13c5d584330fade6e1d

  • SHA256

    279c6daadf0407bcd578a62591d6abf21ff5eeecf3942e2988c350dac18e37bb

  • SHA512

    35064f00b6391ca32b9030d8c453cf6d86e82d7a77cf4c1118c51a2affc920836e53751c411dbb0a46fe4a07ed04b6af23ea65b857af4689a5f93303fd5d2f7e

  • SSDEEP

    6144:7+19vLTOFX4Ses9vJT0tGBmlYHP7a0umy6uibfL0lAh2:61keqgGBVHP7a0umbuCQlAh2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-24_23780e7dcdc15c400a6e5abb0b9abc16_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-24_23780e7dcdc15c400a6e5abb0b9abc16_mafia.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:412
    • C:\hhtnjyjhmvvp\q83z940rspm7gfakgumo.exe
      "C:\hhtnjyjhmvvp\q83z940rspm7gfakgumo.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:800
      • C:\hhtnjyjhmvvp\kkbljew.exe
        "C:\hhtnjyjhmvvp\kkbljew.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:6788
  • C:\hhtnjyjhmvvp\kkbljew.exe
    C:\hhtnjyjhmvvp\kkbljew.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4500
    • C:\hhtnjyjhmvvp\xsfmblwyy.exe
      vbbsvwzoyebq "c:\hhtnjyjhmvvp\kkbljew.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:5844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\hhtnjyjhmvvp\lg3bzwowflqz
    Filesize

    4B

    MD5

    ab1040d366c95e8e786c6790b25147d5

    SHA1

    0af41e3eec34950d43bfd89f82b4311725d34a19

    SHA256

    a51be679cec5c749c81aae962363e875bbea225aef9a79350475133556ac0738

    SHA512

    94c425871a0cc9a03347336bf9d920bcde26d11b7cb4ecb730e5fa67fbd45101d38bcdc5539adbb42ac2ee3f1bf49722e15889845c51d3c2a109a6afd5784f61

    Download Submit

  • C:\hhtnjyjhmvvp\ozjekxpgtoy
    Filesize

    9B

    MD5

    a9317f8ac538cb2add3d8adeb241e46f

    SHA1

    0a57b5e48abd2fa5c039720922e5644d0360220c

    SHA256

    a5a2528a3e8f42b09615f90f03d8ac1d866fe6d53c10616e35f9380cf76d71a7

    SHA512

    2d9ffefc1a0c943830eb5431cc9e54bcb265e1a9fcdce113184ad031efb13189e32546f00dda8275aee6adc1a5b5a4211d4d3ee563fc61934ea2d91cb5b22b9e

    Download Submit

  • C:\hhtnjyjhmvvp\q83z940rspm7gfakgumo.exe
    Filesize

    334KB

    MD5

    23780e7dcdc15c400a6e5abb0b9abc16

    SHA1

    806916f75bf5d614f021b13c5d584330fade6e1d

    SHA256

    279c6daadf0407bcd578a62591d6abf21ff5eeecf3942e2988c350dac18e37bb

    SHA512

    35064f00b6391ca32b9030d8c453cf6d86e82d7a77cf4c1118c51a2affc920836e53751c411dbb0a46fe4a07ed04b6af23ea65b857af4689a5f93303fd5d2f7e

    Download Submit