Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2023-02-14...er.exe

windows7-x64

10

2023-02-14...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2023, 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

  • Size

    3.3MB

  • MD5

    acd46f88a6f90143090c342c10544ccf

  • SHA1

    bb90bed3b0d747feeac32536d75c6d153b34be0b

  • SHA256

    8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c

  • SHA512

    82e91a14b2a7bfb659a566df7caf7f8dc28b61a14c504dd6ca23166ff2bb142114a43c5a3c70309022d813f34fb3aa63d321d964f3b6178e42b650ac0e56e84f

  • SSDEEP

    24576:v54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKI:CIAWjdAp1PagjLuSh3i+FtvkMzT+

Score
10/10
mafiaware666ransomware

Malware Config

Signatures

  • Detect MafiaWare666 ransomware 1 IoCs
  • MafiaWare666 Ransomware

    MafiaWare666 is ransomware written in C# with multiple variants.

    ransomwaremafiaware666
  • Modifies extensions of user files 11 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Drops desktop.ini file(s) 7 IoCs
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:4868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4868-132-0x0000000000D90000-0x0000000000DDA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4868-133-0x0000000005CE0000-0x0000000006284000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4868-134-0x0000000005640000-0x00000000056D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4868-135-0x0000000005930000-0x000000000593A000-memory.dmp

    Filesize

    40KB

    Download