Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

393900fdf8...JC.exe

windows7-x64

7

393900fdf8...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2023, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    393900fdf8a28b3b29b5efc063ea84a1_mafia_JC.exe

  • Size

    384KB

  • MD5

    393900fdf8a28b3b29b5efc063ea84a1

  • SHA1

    9b4a3891b55d5c7fd052e84f293b93cb6b9fd122

  • SHA256

    fba7f2c47d0c3505e31e8512d957647f5ebe70a74c2797fa9314fa88a061681a

  • SHA512

    449a066f72d0289b21c5ec30eabbc31e9a5d5ab84b39fe88d4be795e4b15616dd7a2bc5c70cd1b62db14a21a8df34b6188cbdccde3fe34495f4d5051e542ff4c

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHdgabUsloXEm+Z6sFO8b4Vkwgtn3dLJY4epMKZ:Zm48gODxbz7nUslnmPsFwV9gdt+4eKKZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\393900fdf8a28b3b29b5efc063ea84a1_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\393900fdf8a28b3b29b5efc063ea84a1_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Users\Admin\AppData\Local\Temp\99A0.tmp
      "C:\Users\Admin\AppData\Local\Temp\99A0.tmp" --pingC:\Users\Admin\AppData\Local\Temp\393900fdf8a28b3b29b5efc063ea84a1_mafia_JC.exe 9E846D60D663DF2BAA558CDE6B31009F51008924EBAA104C3913AE6619B5D28C53FC5A8B9F23F44E3E5538FDB142BF2752BFEF8D9FA215FB4369A2349704FE50
      2⤵
      • Executes dropped EXE
      PID:3292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\99A0.tmp
    Filesize

    384KB

    MD5

    ead1b8fb18e3efc4788c6ab0070006fd

    SHA1

    c3cea2d39754f9741f5d77305a9e03d84ee4cf3e

    SHA256

    889ef2edfe37fedc9129c71e52aa6b03b628dd03598615bf7c836e74648095cb

    SHA512

    6aa0a76987d123246c3ab4131df270802f1d2f7a6c084963537f3d94a102a0086c6ba4c62bce91ae0b21b4910283f1335d4c334b38b938acbc3f2b5af1232827

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\99A0.tmp
    Filesize

    384KB

    MD5

    ead1b8fb18e3efc4788c6ab0070006fd

    SHA1

    c3cea2d39754f9741f5d77305a9e03d84ee4cf3e

    SHA256

    889ef2edfe37fedc9129c71e52aa6b03b628dd03598615bf7c836e74648095cb

    SHA512

    6aa0a76987d123246c3ab4131df270802f1d2f7a6c084963537f3d94a102a0086c6ba4c62bce91ae0b21b4910283f1335d4c334b38b938acbc3f2b5af1232827

    Download Submit