40d1b1db66914ea21760f3cbdded1705cb5281c244caee6288fc046c8896e627 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2023-08-26...JC.exe

windows7-x64

8

2023-08-26...JC.exe

windows10-2004-x64

8

Sharing

General

Target

2023-08-26_2d2685f10076126d0c398998111902d0_mafia_JC.exe
Size

255KB
Sample

231012-b6kassgg3y
MD5

2d2685f10076126d0c398998111902d0
SHA1

3d49798143638a11746a4242544cf051527d9f60
SHA256

40d1b1db66914ea21760f3cbdded1705cb5281c244caee6288fc046c8896e627
SHA512

7dcd82054c897a302c841c2ac0f1ff3a200ba8d044cbbdccdc2be81a5379b66a378faec5e19097a21d6b7f8ec28eee14226a16bacfc1d1910724533626269d29
SSDEEP

6144:o64tXafE0Mqpm+SKAqpByuqPoEbLvRdvf0:o68r0Mqpm+SCB3KbLzM

Score

8^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2023-08-26_2d2685f10076126d0c398998111902d0_mafia_JC.exe

Resource

win7-20230831-en

persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-08-26_2d2685f10076126d0c398998111902d0_mafia_JC.exe

Resource

win10v2004-20230915-en

persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-08-26_2d2685f10076126d0c398998111902d0_mafia_JC.exe
- Size
  
  255KB
- MD5
  
  2d2685f10076126d0c398998111902d0
- SHA1
  
  3d49798143638a11746a4242544cf051527d9f60
- SHA256
  
  40d1b1db66914ea21760f3cbdded1705cb5281c244caee6288fc046c8896e627
- SHA512
  
  7dcd82054c897a302c841c2ac0f1ff3a200ba8d044cbbdccdc2be81a5379b66a378faec5e19097a21d6b7f8ec28eee14226a16bacfc1d1910724533626269d29
- SSDEEP
  
  6144:o64tXafE0Mqpm+SKAqpByuqPoEbLvRdvf0:o68r0Mqpm+SCB3KbLzM
Score

8^/10

persistence upx
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy