Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

eea271d4b4...JC.exe

windows7-x64

7

eea271d4b4...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2023, 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eea271d4b409afa67d0a11786695f28f_mafia_JC.exe

  • Size

    414KB

  • MD5

    eea271d4b409afa67d0a11786695f28f

  • SHA1

    1386f8915391bd6bdc1e586ef1f3c28ca54a14be

  • SHA256

    8bbdca89550815c18668b6e0376a779cceee21dcf969fb546e735650d7eb311e

  • SHA512

    883f7c1bc78bf3519a4f3f692d393214c81b74d548b631f845c579b237c02019db4b1110e45b00d0acd15433800b1f6a451b07c8f99bedeedd5421ed70178e58

  • SSDEEP

    12288:iA4g7yYea4GZo2LNZRMQq+KWVfmPWZ7dlXFS:iA4g7yYea432LVMt+KWVe8c

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eea271d4b409afa67d0a11786695f28f_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\eea271d4b409afa67d0a11786695f28f_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Users\Admin\AppData\Local\Temp\9A7B.tmp
      "C:\Users\Admin\AppData\Local\Temp\9A7B.tmp" --helpC:\Users\Admin\AppData\Local\Temp\eea271d4b409afa67d0a11786695f28f_mafia_JC.exe 3A8A6DC3D6932D9E93451E248E3C32BB955294503204A7A4E149C50FF438A9B3A67DF02078B55937A82EE2082524793C5B8FF900C827AC53CAFEB753052B2D91
      2⤵
      • Executes dropped EXE
      PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9A7B.tmp
    Filesize

    414KB

    MD5

    d0820297334e0567dfc6c68d08dcc736

    SHA1

    577da76f9205203f27dbd06d32269cfbf1381879

    SHA256

    a90fa5731690be2a95b2720a8a6734d783c2ec13050275ab5f4c5500bf76db7d

    SHA512

    9ce51581e2335eb2b7ff77e9feb7531c8dc4bab108e40f7002d94d63389987c0de47b7067f49dce3fc1103f581a71b66edc858cb12be3b41d9c14ec1ad183811

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9A7B.tmp
    Filesize

    414KB

    MD5

    d0820297334e0567dfc6c68d08dcc736

    SHA1

    577da76f9205203f27dbd06d32269cfbf1381879

    SHA256

    a90fa5731690be2a95b2720a8a6734d783c2ec13050275ab5f4c5500bf76db7d

    SHA512

    9ce51581e2335eb2b7ff77e9feb7531c8dc4bab108e40f7002d94d63389987c0de47b7067f49dce3fc1103f581a71b66edc858cb12be3b41d9c14ec1ad183811

    Download Submit