Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8e261b67fc...JC.exe

windows7-x64

7

8e261b67fc...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2023, 11:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e261b67fcd36b84bbf35112caa67f24_mafia_nionspy_JC.exe

  • Size

    344KB

  • MD5

    8e261b67fcd36b84bbf35112caa67f24

  • SHA1

    223bf3d5dea2774c944194d8f85579ded09c57b0

  • SHA256

    a8206adbaab94415db7a14283cd510b3dc67679781d4d838eba8b3d6fe7514ff

  • SHA512

    85b881d242598f7c57e5acb0839771fc9fac29e75ce536a001a130f4dd403b7eed375b6b822a456cfbe09c8425f6d89fa09486423411b89820ba5f3d5da9490c

  • SSDEEP

    6144:tTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:tTBPFV0RyWl3h2E+7pYm0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e261b67fcd36b84bbf35112caa67f24_mafia_nionspy_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\8e261b67fcd36b84bbf35112caa67f24_mafia_nionspy_JC.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:576
    • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4672
      • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe"
        3⤵
        • Executes dropped EXE
        PID:3648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe
    Filesize

    344KB

    MD5

    83ce560df102d082d5431b01c0c74f25

    SHA1

    f91a5c079c7963d279b37529f89f1ac9ce1171e6

    SHA256

    f05c2eeb33f959c1a39d51523b1baec7777c59b9ced029e0c3d1c62c89db359b

    SHA512

    902b2668450457fb37c5b971dbc3a58a765043baade2afd66a573785006c201991f5386d8343afe2a668cc586aee6bce4ac82b7faaddaf8fa5cfcb90840eec9b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe
    Filesize

    344KB

    MD5

    83ce560df102d082d5431b01c0c74f25

    SHA1

    f91a5c079c7963d279b37529f89f1ac9ce1171e6

    SHA256

    f05c2eeb33f959c1a39d51523b1baec7777c59b9ced029e0c3d1c62c89db359b

    SHA512

    902b2668450457fb37c5b971dbc3a58a765043baade2afd66a573785006c201991f5386d8343afe2a668cc586aee6bce4ac82b7faaddaf8fa5cfcb90840eec9b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe
    Filesize

    344KB

    MD5

    83ce560df102d082d5431b01c0c74f25

    SHA1

    f91a5c079c7963d279b37529f89f1ac9ce1171e6

    SHA256

    f05c2eeb33f959c1a39d51523b1baec7777c59b9ced029e0c3d1c62c89db359b

    SHA512

    902b2668450457fb37c5b971dbc3a58a765043baade2afd66a573785006c201991f5386d8343afe2a668cc586aee6bce4ac82b7faaddaf8fa5cfcb90840eec9b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_x86_64\lsassys.exe
    Filesize

    344KB

    MD5

    83ce560df102d082d5431b01c0c74f25

    SHA1

    f91a5c079c7963d279b37529f89f1ac9ce1171e6

    SHA256

    f05c2eeb33f959c1a39d51523b1baec7777c59b9ced029e0c3d1c62c89db359b

    SHA512

    902b2668450457fb37c5b971dbc3a58a765043baade2afd66a573785006c201991f5386d8343afe2a668cc586aee6bce4ac82b7faaddaf8fa5cfcb90840eec9b

    Download Submit