Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5b42fd7803...JC.exe

windows7-x64

7

5b42fd7803...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    04/08/2023, 15:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b42fd78036788cb8f30d72725fa0846_mafia_JC.exe

  • Size

    412KB

  • MD5

    5b42fd78036788cb8f30d72725fa0846

  • SHA1

    c6831759ac91550fd53a23d8e405e35e1d47c3c5

  • SHA256

    48271d4bdb92dc3197c1e6d12ed210576f29ceb1a4ed50513b86fafc564f9154

  • SHA512

    1709000bb87182306e37b2c1ddfc386c96219980a0f47a26a733cf5d5c05e6aa7752e65041378088bc2bbd7bc4c8f9f11af5733b9d5b12f9561ed4baf0a33de2

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZn8u72C7bLodzV76aIS6rUNqesjaf0/ur4BSSP:U6PCrIc9kph5j72ILodzQzxesufm44B

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7484.tmp
    "C:\Users\Admin\AppData\Local\Temp\7484.tmp" --pingC:\Users\Admin\AppData\Local\Temp\5b42fd78036788cb8f30d72725fa0846_mafia_JC.exe E79EDF550930C97CA9F5B55E9328DA240ED16C55CB5AAEE2DCFA8E636864930FE9D3E65D6B4ADC1562FB82F92BA2B73FE46974DC117B6E75F82A4701FAAB6431
    1⤵
    • Deletes itself
    • Executes dropped EXE
    PID:2400
  • C:\Users\Admin\AppData\Local\Temp\5b42fd78036788cb8f30d72725fa0846_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\5b42fd78036788cb8f30d72725fa0846_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7484.tmp
    Filesize

    412KB

    MD5

    eb90b57e0c37c63b5ef8f516e75e089e

    SHA1

    4d9f06371c4c6f0749889c8e0c1f0dc443b62c7d

    SHA256

    57043b00fbd803c613d5f3368b5898ea5e70be8e8cebadae7631a145086d1cb2

    SHA512

    2cde7f9af6b65ca1ebb56894523795e927502673335c423e59e0bcf928c0081fb8c0b9162ead922dbc8956f412ba43203267e3f967bfd57143a5d51cbd8195d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7484.tmp
    Filesize

    412KB

    MD5

    eb90b57e0c37c63b5ef8f516e75e089e

    SHA1

    4d9f06371c4c6f0749889c8e0c1f0dc443b62c7d

    SHA256

    57043b00fbd803c613d5f3368b5898ea5e70be8e8cebadae7631a145086d1cb2

    SHA512

    2cde7f9af6b65ca1ebb56894523795e927502673335c423e59e0bcf928c0081fb8c0b9162ead922dbc8956f412ba43203267e3f967bfd57143a5d51cbd8195d9

    Download Submit