Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-08-22...ia.exe

windows7-x64

3

2024-08-22...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-22_b23c0c42ae85bfe97b31316344df20f7_mafia.exe

  • Size

    363KB

  • MD5

    b23c0c42ae85bfe97b31316344df20f7

  • SHA1

    2d5dedfd74bbbbd93caa5d98510fca1815dab83e

  • SHA256

    750dfe561b8c8589cc43caeca69dcc104b57bf9c12c58494bf0dd3678d5b4d7e

  • SHA512

    85e64e8e3f6ccb19cf87d9a345f863771c307657572e72c1376d8bec60a419e996a8d33d733d5ab1386c7169c34f0830b001be06e87c58f96b78ae1f84142f9e

  • SSDEEP

    6144:5NgF4DxNuJc06j4YBa77xMQxA5i5knmv1SL/mQXkmFDW:5u4lNAtYytvS5Aku1YLrF

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-22_b23c0c42ae85bfe97b31316344df20f7_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-22_b23c0c42ae85bfe97b31316344df20f7_mafia.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1140
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/bang5tao.html?s=56&v=57&c=72&a=163&m=&t=1614060106
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    699833922c96b36ff2160fe01db82c5b

    SHA1

    ade2c176c256cfd57f39f420782067e4267868ac

    SHA256

    51cac7217dc1fced1da0433676225aabee97dc5a11a77c067f168dd57903297d

    SHA512

    3dff2cef743781610b75a2c1ad592069a0335a63b09b961404f1aa51832fc07c6fb5c41168f8cddf4d8971a63d089f9b47883b5b7196ba023d698e0c3420a751

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b74906df5619b5f1c6d5a50ca2ba981

    SHA1

    b58606474b2c5a519171368491b3fd218634fbb8

    SHA256

    e417929bab4b86e7983daba94c7ce9f289fed7f2738664f8832821af5b5fe703

    SHA512

    33bf50879664c41ed0f06812ca8948bdbe46eb38b2d3361e625882cf4e9fa9a225c370b39b43477e2fd0e0cae5231ee7ff838171934bdf5ccb6548cc624e0d1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2754805fa41423451fd09fb480ec3397

    SHA1

    25b654f12ddc16c569caa4574c47ed3d615ebcb4

    SHA256

    fdfd4321185877c7276ef13373a355410adcaded38d75d1ded4dfe23f75c5ce6

    SHA512

    4e7642b3c280c76387d6f7dca08c55cc746bdd314d36bd886102e0998f22acf37b4e585e3dc104d06658ae545c8591ebf3dc115375ea4ed75b84f35e7bf0b113

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    090130470472c70e25425ba8d4c4a55e

    SHA1

    99e341a79b0db97da79ce3f0b2a5df7b63138881

    SHA256

    6bd02a1250cb1f4025511ab456c5c3e9311c601d81ae5759eb9475aac25f01a6

    SHA512

    a48f1e17dfdd0a0ba4fcafee5824b7fde216ed03d0e0008356e774d7a5490b8a6b453cf79b244544a1300538f6522391228a57eb2b273e9facceae55243b642b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4556a17dcf8848ef6a6e71630bad4158

    SHA1

    a2229b9a82b63ce667d8155defcbed05c2925c54

    SHA256

    b1af7baeb1bc90510ac70492ec45be50aae99dc6085b275a0f9b3fb1ffd6df3a

    SHA512

    a1c0411a8f727324056bec5523bcc0cc22caf74a1441e274c7f0c5602e9b5a04962336aff603a3988402e48fde148b8c36fec2861ec9058b17b9787c3ffc7515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83ec95f5b53184407f000cf21d1369b3

    SHA1

    0feada91646435206768fb5224aa074775bc791f

    SHA256

    eafa58b0937dd7a7085949b6fb4be0cf8b0f1bc1c5f3330e2e4d6d7264130114

    SHA512

    02835f3ef90ae4751d8f0b7eb9491719f405c74fad1b8b76358e46518180551662407444612b73417880cfc2987da0e5944f87d7025075194b26b3cecbca8aa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cce7ae500b4983eed4769e8b3ae3137

    SHA1

    f01495c819c47d71d06b0ee524f071880bc363ab

    SHA256

    7b70525a47024cb9c2dae7809096a2c19dce77b9ce26aa2694e7978508d455cc

    SHA512

    1a0020534cc4467d2927c2b761235909af3a21a3aeed07d593505da166f4c6095bc2b591215720c37c12c70eec5a71f42f3191f995c7800a4eafba19cdfbfc9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f5b0d1526151ccfb86d497a8813ecaf

    SHA1

    a5bbeb2f64de3c46f0d2045c81f1deb46b42cc54

    SHA256

    a157e7cead103541f6156f77a65e1c83810b6627c468d3ed107b4e71c42b7e0a

    SHA512

    b3a6ddb561ecbdfaa6c89311f4d32b421067c9c5bf54f5cab898aa3933dea7241eeaefd9cb6232c09f098e13ea77d1049a6dea97b5252da52831228e7f876439

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8106651fc5d745bf8c803e439b0e87fc

    SHA1

    04aafb8cfa994daae60ab4303a7d666e1a869638

    SHA256

    32f7449c6bed8fa945ec0100aa59f8e1623bcf9a6761e83e2811b7b404e56154

    SHA512

    c55a38a0cff0d61547fdffdc776585e2f169a93ab9d0f88c673a2a8c6c902a298d8366d7c8480304ae73ba38020e1645ec601209ebbf2cf03f154fc5b962e857

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e710271454a1eb42683008cde25c02bf

    SHA1

    c64a04dfbe6f38632dbd8a4d8d5949851318ca32

    SHA256

    f99305e3f96a591eedda447dd688030b31337b2e8054b746723e39db094c6254

    SHA512

    e1a9ef1fc16851f753afc35d3f496fb282e16d6df6e8b650d9ea72b2dbf373144d1bedfd6afe182749fbcaea6eb8a45161058bba3c089fb6fb81dc5fb068d6c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d691d52291972554287585e459ff3b1f

    SHA1

    3ef445fb33fb18f3cfdf615701ff8b9837d2ff3e

    SHA256

    5734b7694c761d59886a3d1cc3c74aa64bbdc905d405d77b0fd74bd31425bdc3

    SHA512

    1637df411ea83a920fa917dca774f4854a3e64f32d18f95c3dffd442c420e33876386a0601acbc4b41d12dfd08c3712e1494b703681f128c9b3020bda7f869b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6865fac9dfcc1cbeba2ef8074dfb67e0

    SHA1

    fb8362e69e6d67c4e08aeab6dc79b6cfa7c9a9b1

    SHA256

    a35399d5e5ae4410260e1cb87d31970bb88ac010b25976ca91b0d5bbce4306de

    SHA512

    a2d2adb419f6b53e05909ea418bb9a92f9da4456f9bdb8ca3b3e37f7524c8211efb8a37afc88639eeb10021b021268d60af382da76aca28bae9e6e4c67b7c283

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a8ff95d8165be68c8c9f36622fbcae7

    SHA1

    166661491118f6ce70b442a7e3d2af9771a3f744

    SHA256

    dad6817211fe560680cd32078907aeca475166f4c297d22807a1bcc6a796daf8

    SHA512

    aeaed8cc50f28ec097bd117d9834e2761b485c79ebf54bc5c80403353813d725be585fcc7bbaeba86f4849006df5c290e1649db3a8ddd7eeca93e1d34ff66a48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b446425f239ac524c204c5dda8bc1fe

    SHA1

    d3bc31751a684af2cba6b7eefcd28240570127d2

    SHA256

    324839b2521ea05c49af849501d2946a0656cdff8dbd344b9dbdd3c0c84aae6f

    SHA512

    cba40ebde77e04efcb6da6955221ae0fdbc372185c8fe50d5ab284d58e7205bafc86ddf12b33013574cc08019b5506256c8c3092786055ea9b2047f582623ba6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5457dbfd1da8f5b6d5de4e8d9ca1b24d

    SHA1

    26ab55d0c6d3ef750ee2e575574d3ab5003d89c6

    SHA256

    72a49d28d38e049e185f656e392e53d7a5174501ff1aee138328d684f08dc02d

    SHA512

    31c81d614366f11a3474a9415916b26163bdb6ea2a1a53d8b4b1541f39dfd5325fdf99d228e4ded37709fcfdc0864e0af9fac47556d128a7f48b33a99772ee2a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDEBD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDF8B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit