Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2023-08-26...JC.exe

windows7-x64

7

2023-08-26...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-26_99f3a43e9e1c2d7660156ffb8eb5e21c_mafia_JC.exe

  • Size

    412KB

  • MD5

    99f3a43e9e1c2d7660156ffb8eb5e21c

  • SHA1

    2fe9d1e397bb305326b5cb4b9ec7504a9e7a8dd9

  • SHA256

    624c4a39039daea0038e5ddb92c6cf2d95b334032369f212d81a70cbea5ace82

  • SHA512

    6ce72ae9d0c878ededcff9f6ac38eb6846729608680113415904849e850dcf1e72ac282dca30b76a2c7faecbf9cd883e506474e9ece629e6cad631be368e988e

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZngAQDRrltI8V3GBATlI6v4221dSzJa5P:U6PCrIc9kph5KA4JTq6jqS9G

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_99f3a43e9e1c2d7660156ffb8eb5e21c_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-26_99f3a43e9e1c2d7660156ffb8eb5e21c_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\8CD5.tmp
      "C:\Users\Admin\AppData\Local\Temp\8CD5.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2023-08-26_99f3a43e9e1c2d7660156ffb8eb5e21c_mafia_JC.exe D80EABAD7AC430E8207B33E38A4C0BA9BDCD74F81C71AB745DF72CF785057465D3F5235817095D979D0AB31533B2B7A48729E0473190450055C0BA1B5C0C6073
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8CD5.tmp
    Filesize

    412KB

    MD5

    e3cc12d460eed4929be3783356f5d701

    SHA1

    7f25cff33946e237d9bdb69d9709379686548aa6

    SHA256

    0db318a363f68cb46210d4a2d4639cfb7409aeb4b0be721e945b6aa7c5930409

    SHA512

    f69990ce35027ef426c7bcc5d060245242cec59cd89f26de16f99cea3fb5335ec9fea6f407cb3e3529407631288c31be548ca973585999fde837e47b8bde4565

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8CD5.tmp
    Filesize

    412KB

    MD5

    e3cc12d460eed4929be3783356f5d701

    SHA1

    7f25cff33946e237d9bdb69d9709379686548aa6

    SHA256

    0db318a363f68cb46210d4a2d4639cfb7409aeb4b0be721e945b6aa7c5930409

    SHA512

    f69990ce35027ef426c7bcc5d060245242cec59cd89f26de16f99cea3fb5335ec9fea6f407cb3e3529407631288c31be548ca973585999fde837e47b8bde4565

    Download Submit