Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 08:28

General

  • Target

    2024-09-09_c3b63a758e64a1c6165eb040743e68c7_mafia.exe

  • Size

    428KB

  • MD5

    c3b63a758e64a1c6165eb040743e68c7

  • SHA1

    4f218f2b4130771c69d8d011cb96350d10347f9c

  • SHA256

    17d681450ae6eaabdd62828f628157c4e33bd65d871bdb73969b2f0b5328700a

  • SHA512

    ad15434ac9d03f940ba2367f6c897225d04c9c7da10b6ecf4fa0882305f7acab9b34913c0d46a8b38c7f460ee36445547134a5ae8fd1fbbb5a5018344767b625

  • SSDEEP

    12288:Z594+AcL4tBekiuKzErYVMllekWSiQlo91m9dfsl:BL4tBekiuVr3l4e3oHmDs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-09_c3b63a758e64a1c6165eb040743e68c7_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-09_c3b63a758e64a1c6165eb040743e68c7_mafia.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\B5F7.tmp
      "C:\Users\Admin\AppData\Local\Temp\B5F7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-09-09_c3b63a758e64a1c6165eb040743e68c7_mafia.exe 10115F6B26427A86397AF5C3EDE48B3654BA30AB3570393CDA630E642CF2CDA7FC643EF26292083CC2DB1ADFA9C45278C4FDA6C89996A2AEA9F8E4F0E1A579FD
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B5F7.tmp

    Filesize

    428KB

    MD5

    ec4549d26516513a9a385d4c6dec8f2a

    SHA1

    05f876ec40acb55029941001fb7918930aa3fbd4

    SHA256

    f73bba7e62a512e7e0f840e3fa6b11dac1fb65e728fc183946206964b5cd3f90

    SHA512

    bd47fc710458dc3a20636efcf67424eb6fc9fc0d53777a1c43ae092acbca2fd9ac91e7b3370f24b1f8a4a9abe8024daafdf77ae87ae0830878d9131ffd4f036e