Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-01-23...ia.exe

windows7-x64

10

2025-01-23...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2025, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-23_42fb4282bac3e90bdf15aff5c45438ef_mafia.exe

  • Size

    3.1MB

  • MD5

    42fb4282bac3e90bdf15aff5c45438ef

  • SHA1

    55b0a13eb17128f5d100b9f9d18cd0e136665b18

  • SHA256

    70ff9cf6fcf072a69b6dc3144dd240002c1b3a08987b9ff42bcdcb7112c6145e

  • SHA512

    b44e40de7d18fb781e681befe557b0c02f947d4591472e19e8e3074f848162097285b8bf52995061926a8956c62c25bfc04bcf4545652969a0a96488c754fd2d

  • SSDEEP

    49152:1uWJCbWi8qRTNo1tGgyOGUL68B1ECYJgkaRma2sx05tE:1ugCSido3GgyOGG68B+5JMRmAxStE

Score
10/10
banloaddiscoverydownloaderdroppertrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-23_42fb4282bac3e90bdf15aff5c45438ef_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-23_42fb4282bac3e90bdf15aff5c45438ef_mafia.exe"
    1⤵
    • Checks BIOS information in registry
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3012-7-0x0000000002790000-0x0000000002991000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3012-6-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3012-0-0x0000000002790000-0x0000000002991000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3012-14-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3012-13-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3012-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-12-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3012-16-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3012-17-0x0000000002790000-0x0000000002991000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3012-15-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3012-20-0x0000000002790000-0x0000000002991000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3012-23-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download