Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 00:22

General

  • Target

    2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe

  • Size

    2.3MB

  • MD5

    6994008581f513c46eb225ca9c88a330

  • SHA1

    4e7c5a7969046951096cad865aea9f9864ff3748

  • SHA256

    4f87deccc49d5c79b3fef21153a33e4e43ff4b8090bbe96e1fd70c668fd2b07c

  • SHA512

    8ffe62ee3777b1b48d2e0af400ef6a275752c85ac95f947aff0b154c0a022bdaecfe5e12876908f947d8ebf6f980550647db030444dcb0c61eb06761da2e526d

  • SSDEEP

    49152:3ZRpZ8sSugiO+Kq2SDNNgaciS0O3BZrLsPZQn90IYPqIhL:tZ8/uUq2SvgiK3BZ/sBQn90IpI

Score
9/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 17 IoCs
  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

  • Loads dropped DLL 1 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
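
Most of the signatures above (Internet Explorer settings, registry classes, the clipboard listener, SetWindowsHookEx, WriteProcessMemory) are also routine behaviour of EXCEL.EXE itself, so the useful detection keys are the ones that tie to the dropped files and the sandbox check: Excel launched as an embedded automation server, Excel loading a DLL from a per-user AppData path, and a user process reading the hardware description keys. The triage routine below is an added example, not code from tria.ge or from this report. The event records are constructed for the example; their field names loosely follow Sysmon (Image, CommandLine, ImageLoaded, TargetObject) but are simplified to plain dicts. The registry key prefixes behind the two "registry" signatures are an assumption and should be checked against the rule set of whatever sandbox or EDR you rely on.

```python
"""Behavioural triage of Office-process events (added example, constructed data)."""
import re
from dataclasses import dataclass

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Processes whose hardware-key reads are routine and should not be flagged.
SYSTEM_IMAGES = {"svchost.exe", "services.exe", "wmiprvse.exe", "lsass.exe"}

# Per-user paths an ordinary user can write to; a DLL loaded by Office from
# here corresponds to the report's "Loads dropped DLL" signature.
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# ASSUMPTION: keys behind the report's "Checks processor information" and
# "Enumerates system info" signatures. Confirm against your own rule set.
CPU_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor"
SYSINFO_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def image_name(path: str) -> str:
    """'C:\\...\\EXCEL.EXE' -> 'excel.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return one Finding per suspicious event; benign events yield nothing."""
    findings = []
    for ev in events:
        img, pid, kind = image_name(ev["Image"]), ev["ProcessId"], ev["event"]
        if kind == "ProcessCreate":
            cmd = ev["CommandLine"].lower()
            # Office started as an embedded OLE automation server: this is how a
            # wrapper EXE drives Excel, rather than a user opening a workbook.
            if img in OFFICE_IMAGES and "/automation" in cmd and "-embedding" in cmd:
                findings.append(Finding("office_automation_start", pid, ev["CommandLine"]))
        elif kind == "ImageLoad":
            if img in OFFICE_IMAGES and USER_WRITABLE.match(ev["ImageLoaded"]):
                findings.append(Finding("office_loads_dll_from_appdata", pid, ev["ImageLoaded"]))
        elif kind == "RegistryEvent":
            if img in SYSTEM_IMAGES:
                continue
            key = ev["TargetObject"]
            # CentralProcessor is a sub-key of ...\System, so test it first.
            if key.upper().startswith(CPU_KEY.upper()):
                findings.append(Finding("reads_cpu_info", pid, key))
            elif key.upper().startswith(SYSINFO_KEY.upper()):
                findings.append(Finding("reads_system_info", pid, key))
    return findings


def verdict(findings):
    """Collapse findings into per-rule counts plus the PIDs involved."""
    by_rule = {}
    for f in findings:
        by_rule[f.rule] = by_rule.get(f.rule, 0) + 1
    return {"rules": by_rule, "pids": sorted({f.pid for f in findings})}


# Constructed sample events mirroring the report's process tree and paths.
EXE = r"C:\Users\Admin\AppData\Local\Temp\2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe"
EXCEL = r"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "ProcessId": 1844, "Image": EXE, "CommandLine": f'"{EXE}"'},
    {"event": "RegistryEvent", "ProcessId": 1844, "Image": EXE,
     "TargetObject": r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    {"event": "ProcessCreate", "ProcessId": 1260, "Image": EXCEL,
     "CommandLine": f'"{EXCEL}" /automation -Embedding'},
    {"event": "ImageLoad", "ProcessId": 1260, "Image": EXCEL,
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\SpreadsheetTools\32\LockXLSRuntime.dll"},
    {"event": "RegistryEvent", "ProcessId": 1260, "Image": EXCEL,
     "TargetObject": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    # Benign noise: a service reading hardware keys, Office loading a system DLL.
    {"event": "RegistryEvent", "ProcessId": 700, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0"},
    {"event": "ImageLoad", "ProcessId": 1260, "Image": EXCEL,
     "ImageLoaded": r"C:\Windows\SysWOW64\ole32.dll"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:32} pid={f.pid} {f.detail}")
    print(verdict(triage(SAMPLE_EVENTS)))
```

On the constructed events this yields four findings across PIDs 1260 and 1844 and nothing for the svchost.exe read or the ole32.dll load. The automation-server check on its own is weak (legitimate COM clients start Excel the same way); it earns its place only in combination with the AppData DLL load from the same PID.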

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe"
    1⤵
    • Checks processor information in registry
    PID:1844
  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2780

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\SpreadsheetTools\32\LockXLSRuntime.dll

      Filesize

      1.4MB

      MD5

      9f4540c1227111a9f1466cb8e9f44977

      SHA1

      d8d0533884b02330a7c24e2217705d02242216d5

      SHA256

      7eeae01c7b5e5927436e3fdab844d185e8bdf30cf33df595bdf55bbd86708caa

      SHA512

      01348a05fbc97b4a85d498a7de36a52764b50025be6fa3b83c1806eedcc049ab9febfcb5a611846e762b34689fd154c491e1ea52406012885c47e2b78d096863

    • C:\Users\Admin\AppData\Local\SpreadsheetTools\empty.xls

      Filesize

      22KB

      MD5

      305e6b38fdf34433ccfbf632afa2e1c1

      SHA1

      a6232a2311e60fc7e82ef5b77e414ef8218d520b

      SHA256

      1bafd9d36ba052770052a083f668d26d4b4b6267a417ce72b12ce9b74380789e

      SHA512

      d1ff10af2e8f2019ea5e7cd5b5a74297194c349bedbdbcf50326db41da5d24bd3c48660c42c54b7211f65f66123e53df6fef076dd3d0ebba6a42bde771455be7

    • C:\Users\Admin\AppData\Local\SpreadsheetTools\lxLdr.xlam

      Filesize

      26KB

      MD5

      68ae3f8f60641e3b6e40c907e9f01daa

      SHA1

      204d0f28e2970af8a6727198b88edbfdd19d5c51

      SHA256

      759024e88c6e0063004bb09392922af4010aec87dc7c8377451c87ab13a68bf0

      SHA512

      443d53552354407df61d688223381bfc31f61c6b2bf9618f38e18f74490e8f98ad0dbb3128990c58b4f3094790908b84eb63e62070c337385c20c8a8699bcbcf

    • memory/1260-8-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/1260-9-0x000000007293D000-0x0000000072948000-memory.dmp

      Filesize

      44KB

    • memory/1260-76-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-103-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-102-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-101-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-98-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-97-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-100-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-108-0x000000006CF10000-0x000000006D19D000-memory.dmp

      Filesize

      2.6MB

    • memory/1260-122-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-121-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-120-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-123-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-134-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-132-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-130-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-129-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-127-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-128-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-126-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-125-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-124-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-119-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-118-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-117-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-115-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-114-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-113-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-112-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-111-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-110-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-116-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-107-0x000000006CF10000-0x000000006D19D000-memory.dmp

      Filesize

      2.6MB

    • memory/1260-109-0x000000006CF10000-0x000000006D19D000-memory.dmp

      Filesize

      2.6MB

    • memory/1260-106-0x000000006CAF0000-0x000000006CC5C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-105-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-104-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-192-0x000000006C9B0000-0x000000006CAE3000-memory.dmp

      Filesize

      1.2MB

    • memory/1260-191-0x000000006C9B0000-0x000000006CAE3000-memory.dmp

      Filesize

      1.2MB

    • memory/1260-190-0x000000006C9B0000-0x000000006CAE3000-memory.dmp

      Filesize

      1.2MB

    • memory/1260-189-0x000000006C9B0000-0x000000006CAE3000-memory.dmp

      Filesize

      1.2MB

    • memory/1260-197-0x000000007293D000-0x0000000072948000-memory.dmp

      Filesize

      44KB

    • memory/1260-198-0x0000000005620000-0x0000000005720000-memory.dmp

      Filesize

      1024KB

    • memory/1260-201-0x0000000074F40000-0x0000000074F65000-memory.dmp

      Filesize

      148KB

    • memory/1260-202-0x0000000074F40000-0x0000000074F65000-memory.dmp

      Filesize

      148KB

    • memory/1260-203-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/1260-204-0x0000000074590000-0x00000000745A3000-memory.dmp

      Filesize

      76KB

    • memory/1260-206-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-212-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-205-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-221-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-207-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-226-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-238-0x000000007293D000-0x0000000072948000-memory.dmp

      Filesize

      44KB

    • memory/1260-227-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-225-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-224-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-223-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-222-0x0000000076010000-0x0000000076225000-memory.dmp

      Filesize

      2.1MB

    • memory/1260-220-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-219-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-218-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-217-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-216-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-215-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-214-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-213-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-211-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-210-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-209-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB

    • memory/1260-208-0x00000000754F0000-0x000000007564C000-memory.dmp

      Filesize

      1.4MB
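
The seventy-odd memory dump entries above are repeated captures of only a handful of distinct regions in PID 1260 (the report's sequence number after the PID changes, the address range does not). The helper below is an added example, not tria.ge's code: it parses the report's dump naming pattern memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp, groups dumps by region, recomputes the byte size from the addresses, renders it in the report's own style (binary units, KB up to 1 MiB, otherwise MB to one decimal), and notes whether the base is 64 KiB-aligned, which is Windows' allocation granularity. The sample list is a subset of names copied from this report.

```python
"""Collapse a sandbox report's memory-dump list into distinct regions (added example)."""
import re
from collections import OrderedDict

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def parse_dump_name(name):
    """Return pid, sequence index, start, end and byte size for one dump file name."""
    m = DUMP_RE.fullmatch(name.strip())
    if not m:
        raise ValueError(f"not a dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Report-style size string: '64KB', '1024KB', '1.4MB' (binary units)."""
    if n <= 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def summarise(names):
    """One row per distinct (pid, start, end) region, sorted by address."""
    regions = OrderedDict()
    for name in names:
        d = parse_dump_name(name)
        regions.setdefault((d["pid"], d["start"], d["end"]), []).append(d["index"])
    rows = []
    for (pid, start, end), idxs in sorted(regions.items()):
        rows.append({
            "pid": pid, "start": start, "end": end, "size": end - start,
            "human": human_size(end - start), "dumps": sorted(idxs),
            # 64 KiB is the Windows allocation granularity; an unaligned base is
            # a sub-range of some larger allocation rather than a whole one.
            "aligned_64k": start % 0x10000 == 0,
        })
    return rows


# Subset of dump names copied from the report's Downloads section.
SAMPLE = [
    "memory/1260-8-0x000000005FFF0000-0x0000000060000000-memory.dmp",
    "memory/1260-9-0x000000007293D000-0x0000000072948000-memory.dmp",
    "memory/1260-76-0x0000000005620000-0x0000000005720000-memory.dmp",
    "memory/1260-100-0x00000000754F0000-0x000000007564C000-memory.dmp",
    "memory/1260-104-0x00000000754F0000-0x000000007564C000-memory.dmp",
    "memory/1260-105-0x00000000754F0000-0x000000007564C000-memory.dmp",
    "memory/1260-108-0x000000006CF10000-0x000000006D19D000-memory.dmp",
    "memory/1260-123-0x0000000076010000-0x0000000076225000-memory.dmp",
    "memory/1260-197-0x000000007293D000-0x0000000072948000-memory.dmp",
]

if __name__ == "__main__":
    for r in summarise(SAMPLE):
        print(f"pid {r['pid']} {r['start']:#010x}-{r['end']:#010x} {r['human']:>7} "
              f"x{len(r['dumps'])} aligned={r['aligned_64k']} dumps={r['dumps']}")
```

Run over the full list from this report the same routine reduces it to ten regions; the recomputed sizes agree with the report's labels, and the 44KB range at 0x7293D000 is the only one whose base is not 64 KiB-aligned. Regions dumped many times in a row (0x754F0000 and 0x76010000 here) are the ones worth pulling first, since repeated captures usually mean the sandbox saw the contents change.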