Analysis

  • max time kernel
    252s
  • max time network
    265s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250217-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/02/2025, 17:52 UTC

General

  • Target

    mars/panel/includes/grabload.php

  • Size

    1KB

  • MD5

    d495de4529bf2d779d043059d28848b6

  • SHA1

    2ebad97de8ba0fdc52714cd525e93a19d4f906ff

  • SHA256

    1abb23da29e1b5df3df439694454be89e8b800163fed9a0942ed8170491d8ec7

  • SHA512

    cdb283dfcb29a1ccb06fbe53e3b1b650b4d40f09a1d1c7654e4c89c594345493004757d32066ee079a39d6d1db0d43ca0dde515d0e5e5095d76674fa418b4d1c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mars\panel\includes\grabload.php
    • Modifies registry class
    PID:5300
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4728

Network

MITRE ATT&CK Enterprise v15
