Analysis

  • max time kernel
    137s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250217-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/02/2025, 17:52 UTC

General

  • Target

    mars/panel/includes/grabactions.php

  • Size

    1KB

  • MD5

    85cd2049fd2b13c59e7b3b96c65e92d3

  • SHA1

    2ce1446a451e3b8730c1229d2a2cf8af3bfb83cb

  • SHA256

    e1cfda4fcd37db567c37f12f4e31086bc6dd5ba5918249aeddac0ce21012581e

  • SHA512

    d1d1e073022adb3e23afcb6714a5a4eaea2d9f0acd3fd5426be04e3c7baa8ddb7e07f89c0eca78c4ca7c3ab2b761aa5809cf0a817514bcbd0270baee7b53154e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mars\panel\includes\grabactions.php
    • Modifies registry class
    PID:4484
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:348

Network

MITRE ATT&CK Enterprise v15
