Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Mars Steal...der.7z

windows11-21h2-x64

1

Win32.Mars...nu.exe

windows11-21h2-x64

3

Win32.Mars...PC.exe

windows11-21h2-x64

7

Win32.Mars...DME.md

windows11-21h2-x64

3

Win32.Mars...v3.rar

windows11-21h2-x64

1

mars/panel...rd.php

windows11-21h2-x64

3

mars/panel/footer.php

windows11-21h2-x64

3

mars/panel/grab.php

windows11-21h2-x64

3

mars/panel/header.php

windows11-21h2-x64

3

mars/panel...ns.php

windows11-21h2-x64

3

mars/panel...ad.php

windows11-21h2-x64

3

mars/panel...ns.php

windows11-21h2-x64

3

mars/panel...ad.php

windows11-21h2-x64

3

mars/panel...ns.php

windows11-21h2-x64

3

mars/panel...ad.php

windows11-21h2-x64

3

mars/panel...ut.php

windows11-21h2-x64

3

mars/panel...ns.php

windows11-21h2-x64

3

mars/panel...ad.php

windows11-21h2-x64

3

mars/panel...ns.php

windows11-21h2-x64

3

mars/panel/loader.php

windows11-21h2-x64

3

mars/panel/login.php

windows11-21h2-x64

3

mars/panel/logs.js

windows11-21h2-x64

3

mars/panel/marker.php

windows11-21h2-x64

3

mars/panel...gs.php

windows11-21h2-x64

3

mars/publi...l3.dll

windows11-21h2-x64

3

mars/publi...ue.dll

windows11-21h2-x64

3

mars/publi...40.dll

windows11-21h2-x64

3

mars/public/nss3.dll

windows11-21h2-x64

3

mars/publi...n3.dll

windows11-21h2-x64

3

mars/publi...e3.dll

windows11-21h2-x64

3

mars/publi...40.dll

windows11-21h2-x64

3

plugins_manual.txt

windows11-21h2-x64

3

Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18/02/2025, 17:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mars/panel/marker.php

  • Size

    4KB

  • MD5

    4930f3ca7c5131a8304e3f0f5c8b6916

  • SHA1

    a88d5d7b9eadc598c09b7178cfea20e403863cfb

  • SHA256

    37a917da464a9a0d5d07fd564c07ab211a77ae0c19e1410f6938d1ce92424e1e

  • SHA512

    a8de5f4fb7c9cc48e2d5215ace578a3b542b3df42aa6ff703e8c908222a0932f7740114a072e18f385c8ef226f9a1b8857407929887bd549a9473a8281e031a5

  • SSDEEP

    48:GRoWSa2xGBro3CUHGmqjmbPF64jYN6PumQL301hTC:YNcxGBky2NqjkVsX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mars\panel\marker.php
    1⤵
    • Modifies registry class
    PID:4128
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.