Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

2024-06-29...ia.exe

windows7-x64

10

2024-06-29...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 01:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-29_9b7a7273b86b36290b3aeed5f3e5592e_mafia.exe

  • Size

    3.6MB

  • MD5

    9b7a7273b86b36290b3aeed5f3e5592e

  • SHA1

    065a1876ba99879eda8d777a7469a305d6fbee53

  • SHA256

    c2102aa0acb0116b4501663081e45a8bb57d73747aa9843f5efa119e9f79736a

  • SHA512

    5cd19b63037d835dd6b8a53329f8a980bbbb7169aad10ffdd0ae1ba24a0bad7e7690b113f2553d3582062f7fd0a47439c68211ba9e7163fa9c62d27c15abed96

  • SSDEEP

    49152:tvzUbobNPjTxUvXqPke8ke5oY6cQU5rsG6pAQ7kATRAjmztGKy+ljvTsy+qFvaw6:tvZPkeZe5oY6cQU5rsG66QVAq5zHCJN

Score
10/10
banloaddownloaderdroppertrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-29_9b7a7273b86b36290b3aeed5f3e5592e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-29_9b7a7273b86b36290b3aeed5f3e5592e_mafia.exe"
    1⤵
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2960

Network

    No results found
No results found
  • 255.255.255.255:15348
    2024-06-29_9b7a7273b86b36290b3aeed5f3e5592e_mafia.exe
    276 B
     6
  • 255.255.255.255:25696
    276 B
     6
  • 255.255.255.255:42852
    276 B
     6

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2960-0-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2960-1-0x0000000002820000-0x0000000002A26000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2960-8-0x0000000002820000-0x0000000002A26000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2960-15-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2960-13-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2960-14-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2960-16-0x0000000002820000-0x0000000002A26000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2960-17-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.