Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2711615318...JC.exe

windows7-x64

7

2711615318...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/08/2023, 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    271161531890de08745e7d26089451ad_mafia_JC.exe

  • Size

    414KB

  • MD5

    271161531890de08745e7d26089451ad

  • SHA1

    ae56e188bf9605b77565ff7c49549f6ae0d1ffca

  • SHA256

    4c2e4a28752a3f72865eb7440b704d2b02dc87e08a91eeac39dcd5234aba32e2

  • SHA512

    eb4ebeea92f083fb4926af3fa9db1319a668d997522bacfc6accea3c90d095a7601023f43e64a7b0da0eb32960ecb72765c6a606eb9239c3837158ef4190035c

  • SSDEEP

    6144:Wucyz4obQmKkWb6ekie+ogU6BYI1ThZmsUvsIbmoH6vjc2WfZeLbFMpvu52PTNG2:Wq4w/ekieZgU6LzURYQ2Wm6u2PTNXlx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\271161531890de08745e7d26089451ad_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\271161531890de08745e7d26089451ad_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\8368.tmp
      "C:\Users\Admin\AppData\Local\Temp\8368.tmp" --helpC:\Users\Admin\AppData\Local\Temp\271161531890de08745e7d26089451ad_mafia_JC.exe 01B5B575D581139172A256006F22D3D4B88134403293588B0FCDF268A754020D2BA43D20BDD38E2232DA463E4DA18A6E90BE83BC7E7F33A441BF522F183439D4
      2⤵
      • Executes dropped EXE
      PID:3276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8368.tmp
    Filesize

    414KB

    MD5

    19bdadef788ab32de9d156da306c7855

    SHA1

    4d196508e4287f6de8e69a85eb37815ac309f1d0

    SHA256

    e594176ca64c1b7fa2f25f86b0f530b0de7010f567e238e92908a692a82c4e2d

    SHA512

    10424751128bbd5ef16419f49133b913b3e3006ad5c6c6bf9e34d328d79270114d4c53825a780501f046321e4ec92bc90cb937091e7563457b8be0b9d1466c0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8368.tmp
    Filesize

    414KB

    MD5

    19bdadef788ab32de9d156da306c7855

    SHA1

    4d196508e4287f6de8e69a85eb37815ac309f1d0

    SHA256

    e594176ca64c1b7fa2f25f86b0f530b0de7010f567e238e92908a692a82c4e2d

    SHA512

    10424751128bbd5ef16419f49133b913b3e3006ad5c6c6bf9e34d328d79270114d4c53825a780501f046321e4ec92bc90cb937091e7563457b8be0b9d1466c0a

    Download Submit