Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9afa95e2fa9ad0_JC.exe

windows7-x64

7

9afa95e2fa9ad0_JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/07/2023, 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9afa95e2fa9ad0_JC.exe

  • Size

    428KB

  • MD5

    9afa95e2fa9ad078ec9858d5277ce182

  • SHA1

    ba94038280eb75e8e4d757c701ebfc263d605b30

  • SHA256

    8edc031d846a8362b068bfa60d01045fde671f9830165caceb0f95f179e64ece

  • SHA512

    4190c24d05fe2180f1242a623d98da9c8b8b83af3b431dbf033e0af736f965543585dcd3318484eb0b8c85edf58f5da8d26facfe3fb5fc4f69e894f7c7bcb850

  • SSDEEP

    12288:Z594+AcL4tBekiuKzErNqdqDuMbTLxGNh08Xl:BL4tBekiuVrNqds3eh08X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9afa95e2fa9ad0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9afa95e2fa9ad0_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\AppData\Local\Temp\18E2.tmp
      "C:\Users\Admin\AppData\Local\Temp\18E2.tmp" --helpC:\Users\Admin\AppData\Local\Temp\9afa95e2fa9ad0_JC.exe 45CA0F2AA7D40E3A5E751BBF1A086159DEE3E9941AFBD5412AD01C636FF5A5A65D73FDFA822B1365D287BD69B4F7C56E43CF100DC166D478D509E3F3CE2237BD
      2⤵
      • Executes dropped EXE
      PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\18E2.tmp
    Filesize

    428KB

    MD5

    a2055f8a7791639a9d440cfeaaab2874

    SHA1

    308e05c226ccb8d8bee27e63c4c82ab0845f6582

    SHA256

    5cb65ec83cd00434465f3447745d4ccda156b79c047b915513e434d0fcf5b67a

    SHA512

    f1538344b4c7cd7857d5a4a236d5bf150e01f99505fb8737b52bc9ca85b72ad6e83db570b457486bdbd2bf19697687e535fd585920a81f1521da7870cfb0a54a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\18E2.tmp
    Filesize

    428KB

    MD5

    a2055f8a7791639a9d440cfeaaab2874

    SHA1

    308e05c226ccb8d8bee27e63c4c82ab0845f6582

    SHA256

    5cb65ec83cd00434465f3447745d4ccda156b79c047b915513e434d0fcf5b67a

    SHA512

    f1538344b4c7cd7857d5a4a236d5bf150e01f99505fb8737b52bc9ca85b72ad6e83db570b457486bdbd2bf19697687e535fd585920a81f1521da7870cfb0a54a

    Download Submit