Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2711615318...JC.exe

windows7-x64

7

2711615318...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    01/08/2023, 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    271161531890de08745e7d26089451ad_mafia_JC.exe

  • Size

    414KB

  • MD5

    271161531890de08745e7d26089451ad

  • SHA1

    ae56e188bf9605b77565ff7c49549f6ae0d1ffca

  • SHA256

    4c2e4a28752a3f72865eb7440b704d2b02dc87e08a91eeac39dcd5234aba32e2

  • SHA512

    eb4ebeea92f083fb4926af3fa9db1319a668d997522bacfc6accea3c90d095a7601023f43e64a7b0da0eb32960ecb72765c6a606eb9239c3837158ef4190035c

  • SSDEEP

    6144:Wucyz4obQmKkWb6ekie+ogU6BYI1ThZmsUvsIbmoH6vjc2WfZeLbFMpvu52PTNG2:Wq4w/ekieZgU6LzURYQ2Wm6u2PTNXlx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\271161531890de08745e7d26089451ad_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\271161531890de08745e7d26089451ad_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\7935.tmp
      "C:\Users\Admin\AppData\Local\Temp\7935.tmp" --helpC:\Users\Admin\AppData\Local\Temp\271161531890de08745e7d26089451ad_mafia_JC.exe B9711327EC9E0E77E252313A8FADB930E458C7FDA9D66EF648AB0AF9A4B2529DC078EC5E39416C45A07A4BBDDEEC396D5208FCB98B0389A8D4677C68F7839E33
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7935.tmp
    Filesize

    414KB

    MD5

    3ef3d9de39fff9cbfe82ca5780c9c3d1

    SHA1

    e0d3d09bd1cfdbddf227eb521fb6da5f03f7978f

    SHA256

    5500d053eebd9ebfdadd0a7fd138343b43fe61da1c0482a5540eb0549e226451

    SHA512

    5116fb9ccd77308c29e8c87dafef2f7b69bdd40f2b72f8320d4b92fbb3f780bbc811514de6c8982e7757976e3218a0bc8dc7ed5086b3c74ccaa2d5259f8fd9e1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7935.tmp
    Filesize

    414KB

    MD5

    3ef3d9de39fff9cbfe82ca5780c9c3d1

    SHA1

    e0d3d09bd1cfdbddf227eb521fb6da5f03f7978f

    SHA256

    5500d053eebd9ebfdadd0a7fd138343b43fe61da1c0482a5540eb0549e226451

    SHA512

    5116fb9ccd77308c29e8c87dafef2f7b69bdd40f2b72f8320d4b92fbb3f780bbc811514de6c8982e7757976e3218a0bc8dc7ed5086b3c74ccaa2d5259f8fd9e1

    Download Submit