Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f41395442e...JC.exe

windows7-x64

7

f41395442e...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/08/2023, 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f41395442ee0935ecd95afe10c197f82_mafia_JC.exe

  • Size

    444KB

  • MD5

    f41395442ee0935ecd95afe10c197f82

  • SHA1

    e50c5f19014282c41b638bb55a9f455569e208d1

  • SHA256

    da9ec0609e678181fbd86d11cbf668cca7608faeedf905bd164130f43988f1c6

  • SHA512

    288d379d02190d5378a51fd654c2a5a60b0006c7b09372746cf4c357ed74a2778dbd979379baa6c632985333dc7ef8ca80c71de5c8f91e175e5fbb39fdd531e4

  • SSDEEP

    12288:Nb4bZudi79LJX9GqtEG7F1OSUjbGMLcgv65A:Nb4bcdkLN93tySYbGfgv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f41395442ee0935ecd95afe10c197f82_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\f41395442ee0935ecd95afe10c197f82_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3484
    • C:\Users\Admin\AppData\Local\Temp\68CC.tmp
      "C:\Users\Admin\AppData\Local\Temp\68CC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\f41395442ee0935ecd95afe10c197f82_mafia_JC.exe 42B23A9CE66224147F13C5EC381D929A993A42D49D1DA842B72538425836E0E9A4E6CB2601D680A57F01B1B0E06C6504FB1F3935F1389E31444F50A738B6F5F4
      2⤵
      • Executes dropped EXE
      PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\68CC.tmp
    Filesize

    444KB

    MD5

    7fa9d86ec54ed8d72fd88bda3a238ac1

    SHA1

    73b25dc291026ab9b796407310fbb575211b080c

    SHA256

    e4461db57173b673e2939f23ce1b32a750f6832cd35b4da388585b188d8a78b9

    SHA512

    8064af3b9c26d55a15f8949b8745073440bd8a11583ea5620f921f58f18348657020944ae98774018445b14bc6683424f5e83bf5c0a1cec35a418a5a6a7dcc36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\68CC.tmp
    Filesize

    444KB

    MD5

    7fa9d86ec54ed8d72fd88bda3a238ac1

    SHA1

    73b25dc291026ab9b796407310fbb575211b080c

    SHA256

    e4461db57173b673e2939f23ce1b32a750f6832cd35b4da388585b188d8a78b9

    SHA512

    8064af3b9c26d55a15f8949b8745073440bd8a11583ea5620f921f58f18348657020944ae98774018445b14bc6683424f5e83bf5c0a1cec35a418a5a6a7dcc36

    Download Submit