Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

852c1082b7...JC.exe

windows7-x64

7

852c1082b7...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2023, 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    852c1082b71632c26f0d135e22cdd71e_mafia_JC.exe

  • Size

    443KB

  • MD5

    852c1082b71632c26f0d135e22cdd71e

  • SHA1

    3a7c650d799a90d408d75954fbc0a9f1b3cdb698

  • SHA256

    f52f00f706b68cb6ef93bce1e7f8e591a29c05bc34e40255ace92794af91263d

  • SHA512

    e0ab8e7eb6f57cf51135c204f3222a75144dcaf256ae23e3c9bd12fabf746e79d8bf2ff959e05dfbf4c0d0ceecbb4514974ea7897d59ba79590e7f10a351e24a

  • SSDEEP

    12288:Wq4w/ekieZgU6yDkox3ajSYg0WZ/gSflMa:Wq4w/ekieH6ckg3A0Z/LP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\852c1082b71632c26f0d135e22cdd71e_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\852c1082b71632c26f0d135e22cdd71e_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\6BFC.tmp
      "C:\Users\Admin\AppData\Local\Temp\6BFC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\852c1082b71632c26f0d135e22cdd71e_mafia_JC.exe FD118905B560F65778742EE64AAF40D19291240AA28C16E82ABDDA46B26B8304E9C10278FDEC2EBF387C899B810EDCCDF4B1B94EC136F92994445B94EC05569E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6BFC.tmp
    Filesize

    443KB

    MD5

    59c3cf3f0d670a89ec592354f0f79ada

    SHA1

    88ee24ed5ad4b8811d44a60cbd1a9bdb150804bd

    SHA256

    890b443edae37471daaf3e8b4044303f24d8617cdb9751c525c100fe7b77805f

    SHA512

    a05962a4abad648f1e87002a1a21d73d91db048f90669b036f074623257710905d2186d9b57cb8b85ec89a8fde8bd521d0ce0c7165a7e8f48c3ad4e556377e81

    Download Submit

  • \Users\Admin\AppData\Local\Temp\6BFC.tmp
    Filesize

    443KB

    MD5

    59c3cf3f0d670a89ec592354f0f79ada

    SHA1

    88ee24ed5ad4b8811d44a60cbd1a9bdb150804bd

    SHA256

    890b443edae37471daaf3e8b4044303f24d8617cdb9751c525c100fe7b77805f

    SHA512

    a05962a4abad648f1e87002a1a21d73d91db048f90669b036f074623257710905d2186d9b57cb8b85ec89a8fde8bd521d0ce0c7165a7e8f48c3ad4e556377e81

    Download Submit