Analysis
  max time kernel: 117s
  max time network: 126s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 01/07/2024, 00:22
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe
  Resource: win10v2004-20240508-en
General
  Target: 2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe
  Size: 2.3MB
  MD5: 6994008581f513c46eb225ca9c88a330
  SHA1: 4e7c5a7969046951096cad865aea9f9864ff3748
  SHA256: 4f87deccc49d5c79b3fef21153a33e4e43ff4b8090bbe96e1fd70c668fd2b07c
  SHA512: 8ffe62ee3777b1b48d2e0af400ef6a275752c85ac95f947aff0b154c0a022bdaecfe5e12876908f947d8ebf6f980550647db030444dcb0c61eb06761da2e526d
  SSDEEP: 49152:3ZRpZ8sSugiO+Kq2SDNNgaciS0O3BZrLsPZQn90IYPqIhL:tZ8/uUq2SvgiK3BZ/sBQn90IpI
Malware Config
Signatures
  Loads dropped DLL (1 IoC)
    resource: behavioral2/files/0x000800000002341a-28.dat
    pid / Process: 744 EXCEL.EXE
  Checks processor information in registry (2 TTPs, 7 IoCs)
    Processor information is often read in order to detect sandboxing environments.
    description | ioc | Process
    Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
    Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | 2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe
    Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | EXCEL.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | EXCEL.EXE
  Enumerates system info in registry (2 TTPs, 3 IoCs)
    description | ioc | Process
    Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Suspicious behavior: AddClipboardFormatListener (1 IoC)
    pid / Process: 744 EXCEL.EXE
  Suspicious behavior: EnumeratesProcesses (4 IoCs)
    pid / Process: 744 EXCEL.EXE (4 occurrences)
  Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid / Process: 744 EXCEL.EXE
  Suspicious use of SetWindowsHookEx (19 IoCs)
    pid / Process: 744 EXCEL.EXE (19 occurrences)
Processes
  1. C:\Users\Admin\AppData\Local\Temp\2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe (PID 4568)
     command line: "C:\Users\Admin\AppData\Local\Temp\2024-07-01_6994008581f513c46eb225ca9c88a330_mafia.exe"
     - Checks processor information in registry
  2. C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (PID 744)
     command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
     - Loads dropped DLL
     - Checks processor information in registry
     - Enumerates system info in registry
     - Suspicious behavior: AddClipboardFormatListener
     - Suspicious behavior: EnumeratesProcesses
     - Suspicious behavior: GetForegroundWindowSpam
     - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
  File 1
    Filesize: 1.8MB
    MD5: 7eca219377b9d8dca9258abad66f4730
    SHA1: fd13a2c76cf9016d16390bbedc8caef125747df4
    SHA256: daf3c95cd5365199f0407ab8f43b5817673c4a58ba99a0a405a5510231852318
    SHA512: 4786991f37ccc7f79337b45298f0dde8bd6d2cb79f2b06ea03d1c1fc09dfc4fd1254621506c3d9f25a216070463a33abe6bfd13ab1a38978dd270b66f35a2038
  File 2
    Filesize: 22KB
    MD5: 16a7e2794ebb3f91d0da30f58bac097f
    SHA1: e04777636c2ef6a6e9453f8b1ca98b05facf4981
    SHA256: 6a85cf4e4b2d5ad3cca1ca314a5a1237ff44a8c791fa5eeddc2b5abbbdbd371c
    SHA512: 6a1a482d4aa7e53a737b2f9faf4851f2fe38c38247f574b74ac50916198509a01902d2787cef113de545973a1df79c93643cdc56161e11de40d35d3e35214e53
  File 3
    Filesize: 26KB
    MD5: 68ae3f8f60641e3b6e40c907e9f01daa
    SHA1: 204d0f28e2970af8a6727198b88edbfdd19d5c51
    SHA256: 759024e88c6e0063004bb09392922af4010aec87dc7c8377451c87ab13a68bf0
    SHA512: 443d53552354407df61d688223381bfc31f61c6b2bf9618f38e18f74490e8f98ad0dbb3128990c58b4f3094790908b84eb63e62070c337385c20c8a8699bcbcf