Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 00:49

General

  • Target

    2024-07-01_44bf3be89183d4ca5bd74aec108dedd9_mafia.exe

  • Size

    2.3MB

  • MD5

    44bf3be89183d4ca5bd74aec108dedd9

  • SHA1

    305c4c35302019c21250e4d318473d18ac57fb79

  • SHA256

    3575719618781d1118295e4f925f1a64a04341064a7272a5af8f3fca56e8baf5

  • SHA512

    37218f8c8b7a6ecc972305b82ec477af641b4c33797a114d4cbb7445493e5c0d6e2934efac59847138ba8ab63a62f3b479150a47e260e25923314fc033848b63

  • SSDEEP

    49152:vZRpZ8sSugiO+Kq2SDNNgaciS0O3BZrLsPZQn90IYPqIqeL:1Z8/uUq2SvgiK3BZ/sBQn90IpI

Score
9/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 16 IoCs
  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

  • Loads dropped DLL 1 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_44bf3be89183d4ca5bd74aec108dedd9_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_44bf3be89183d4ca5bd74aec108dedd9_mafia.exe"
    1⤵
    • Checks processor information in registry
    PID:2008
  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2560
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2296

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\SpreadsheetTools\32\LockXLSRuntime.dll

      Filesize

      1.4MB

      MD5

      9f4540c1227111a9f1466cb8e9f44977

      SHA1

      d8d0533884b02330a7c24e2217705d02242216d5

      SHA256

      7eeae01c7b5e5927436e3fdab844d185e8bdf30cf33df595bdf55bbd86708caa

      SHA512

      01348a05fbc97b4a85d498a7de36a52764b50025be6fa3b83c1806eedcc049ab9febfcb5a611846e762b34689fd154c491e1ea52406012885c47e2b78d096863

    • C:\Users\Admin\AppData\Local\SpreadsheetTools\empty.xls

      Filesize

      22KB

      MD5

      29c44d16abfff0d8ccbd43a80871a904

      SHA1

      5f6417443a42856fd13d90e56153a8b5d272dffd

      SHA256

      63c99e16ff5432d4432fd01de90d549f1c898049d63422450cb93ab8e29fdb2d

      SHA512

      ed62a24fb42abb49a8c23aab6c4e140b4b98a25227c100f9c8081f325ba3a41d6b49a5628a704db7f1207bc0c3bb852ea02d88f4a868e7ec1f2ddf599d0839e7

    • C:\Users\Admin\AppData\Local\SpreadsheetTools\lxLdr.xlam

      Filesize

      26KB

      MD5

      68ae3f8f60641e3b6e40c907e9f01daa

      SHA1

      204d0f28e2970af8a6727198b88edbfdd19d5c51

      SHA256

      759024e88c6e0063004bb09392922af4010aec87dc7c8377451c87ab13a68bf0

      SHA512

      443d53552354407df61d688223381bfc31f61c6b2bf9618f38e18f74490e8f98ad0dbb3128990c58b4f3094790908b84eb63e62070c337385c20c8a8699bcbcf

    • memory/2560-132-0x0000000005530000-0x0000000005630000-memory.dmp

      Filesize

      1024KB

    • memory/2560-202-0x0000000074E60000-0x0000000074E85000-memory.dmp

      Filesize

      148KB

    • memory/2560-48-0x0000000005530000-0x0000000005630000-memory.dmp

      Filesize

      1024KB

    • memory/2560-50-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-51-0x0000000000730000-0x0000000000830000-memory.dmp

      Filesize

      1024KB

    • memory/2560-52-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-53-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-55-0x000000006CE10000-0x000000006D09D000-memory.dmp

      Filesize

      2.6MB

    • memory/2560-54-0x000000006CA10000-0x000000006CB7C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-56-0x000000006CE10000-0x000000006D09D000-memory.dmp

      Filesize

      2.6MB

    • memory/2560-9-0x00000000727AD000-0x00000000727B8000-memory.dmp

      Filesize

      44KB

    • memory/2560-69-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-78-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-76-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-74-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-72-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-71-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-68-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-80-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-77-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-75-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-73-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-70-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-60-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-59-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-58-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-67-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-66-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-65-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-64-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-63-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-61-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-62-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-82-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-190-0x000000006C8D0000-0x000000006CA03000-memory.dmp

      Filesize

      1.2MB

    • memory/2560-149-0x0000000005530000-0x0000000005630000-memory.dmp

      Filesize

      1024KB

    • memory/2560-57-0x000000006CE10000-0x000000006D09D000-memory.dmp

      Filesize

      2.6MB

    • memory/2560-46-0x0000000000730000-0x0000000000830000-memory.dmp

      Filesize

      1024KB

    • memory/2560-8-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2560-191-0x000000006C8D0000-0x000000006CA03000-memory.dmp

      Filesize

      1.2MB

    • memory/2560-188-0x000000006C8D0000-0x000000006CA03000-memory.dmp

      Filesize

      1.2MB

    • memory/2560-189-0x000000006C8D0000-0x000000006CA03000-memory.dmp

      Filesize

      1.2MB

    • memory/2560-196-0x00000000727AD000-0x00000000727B8000-memory.dmp

      Filesize

      44KB

    • memory/2560-197-0x0000000005530000-0x0000000005630000-memory.dmp

      Filesize

      1024KB

    • memory/2560-198-0x0000000000730000-0x0000000000830000-memory.dmp

      Filesize

      1024KB

    • memory/2560-199-0x0000000005530000-0x0000000005630000-memory.dmp

      Filesize

      1024KB

    • memory/2560-131-0x0000000005530000-0x0000000005630000-memory.dmp

      Filesize

      1024KB

    • memory/2560-203-0x0000000074E60000-0x0000000074E85000-memory.dmp

      Filesize

      148KB

    • memory/2560-205-0x00000000744B0000-0x00000000744C3000-memory.dmp

      Filesize

      76KB

    • memory/2560-204-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2560-206-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-213-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-225-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-227-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-222-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-240-0x0000000000730000-0x0000000000830000-memory.dmp

      Filesize

      1024KB

    • memory/2560-239-0x00000000727AD000-0x00000000727B8000-memory.dmp

      Filesize

      44KB

    • memory/2560-226-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-224-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-223-0x0000000075D80000-0x0000000075F95000-memory.dmp

      Filesize

      2.1MB

    • memory/2560-221-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-219-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-218-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-217-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-216-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-215-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-214-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-212-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-211-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-210-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-209-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-208-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-207-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB

    • memory/2560-220-0x0000000075420000-0x000000007557C000-memory.dmp

      Filesize

      1.4MB