Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

18f4e4a6e2...81.exe

windows7-x64

10

18f4e4a6e2...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    547s
  • max time network
    551s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2024, 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18f4e4a6e2b9c28bb113fff5d0523f6fa041d9edbde249aa5ac0daa96f7e6081.exe

  • Size

    198KB

  • MD5

    bc24cb92e654b5a6608807a78474b39e

  • SHA1

    5bcac146e4e2ccab18e53c26ee892610636b41a7

  • SHA256

    18f4e4a6e2b9c28bb113fff5d0523f6fa041d9edbde249aa5ac0daa96f7e6081

  • SHA512

    10d1db38ce6baf1cf11a73abc68b79675c3b51bd3c3950d0672df558984ce5e7f6be501c427445bd0dc8148f8f4912d5691e5b0dc99b383672901b77c947b689

  • SSDEEP

    1536:rpnaGkqzunSXT7lRTwItRxYDoJ57jECcxrE4l54KEI:tajSDnYDor/ECcxrEyAI

Score
10/10
mafiaware666ransomware

Malware Config

Signatures

  • Detect MafiaWare666 ransomware 1 IoCs
  • MafiaWare666 Ransomware

    MafiaWare666 is ransomware written in C# with multiple variants.

    ransomwaremafiaware666
  • Renames multiple (84) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops desktop.ini file(s) 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18f4e4a6e2b9c28bb113fff5d0523f6fa041d9edbde249aa5ac0daa96f7e6081.exe
    "C:\Users\Admin\AppData\Local\Temp\18f4e4a6e2b9c28bb113fff5d0523f6fa041d9edbde249aa5ac0daa96f7e6081.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious use of SetWindowsHookEx
    PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1716-1-0x0000000074BB0000-0x0000000075360000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1716-0-0x0000000000C90000-0x0000000000CC8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1716-2-0x0000000005C30000-0x00000000061D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1716-3-0x0000000005720000-0x00000000057B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1716-4-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-5-0x00000000056F0000-0x00000000056FA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1716-6-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-7-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-36-0x0000000074BB0000-0x0000000075360000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1716-40-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-45-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-53-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download