Analysis
max time kernel: 130s
max time network: 133s
platform: windows10_x64
resource: win10v200722
submitted: 05/10/2020, 13:12
Static task: static1
Behavioral task: behavioral1
  Sample: Slip_10.1.2020.jar
  Resource: win7
  0 signatures
  0 seconds
Behavioral task: behavioral2
  Sample: Slip_10.1.2020.jar
  Resource: win10v200722
  0 signatures
  0 seconds
General
Target: Slip_10.1.2020.jar
Size: 126KB
MD5: c409b8088011c0c7f0a60104856aaad0
SHA1: 700105ddc1b0ec309b51dbbcc3f0c4d9f4d19b51
SHA256: b1c54b134f69cda656090b49dfdfc51389c0ae0c5825b2b9812d13d58d528f21
SHA512: 8d38452fe3d6a5f1cdad504046d211ec1acf9264f2d70aea70c715f07997f7793fbfc682321adc4d6d8ee442fc56092fcb2fcfb7e5f29b04b3806658df4990b8
Score: 10/10
Malware Config
Signatures
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
- Executes dropped EXE (1 IoCs)
  pid   Process
  3676  node.exe
- JavaScript code in executable (1 IoCs)
  resource                                      yara_rule
  behavioral2/files/0x000100000001ad5c-167.dat  js
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  3676  node.exe
  3676  node.exe
  3676  node.exe
  3676  node.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process    procid_target
  PID 1568 wrote to memory of 2904  1568  java.exe   73
  PID 1568 wrote to memory of 2904  1568  java.exe   73
  PID 2904 wrote to memory of 3676  2904  javaw.exe  77
  PID 2904 wrote to memory of 3676  2904  javaw.exe  77
Processes
C:\ProgramData\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\Slip_10.1.2020.jar
  PID: 1568
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    Command line: "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:\Users\Admin\AppData\Local\Temp\e4569cc6.tmp
    PID: 2904
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\node-v14.12.0-win-x64\node.exe
      Command line: C:\Users\Admin\node-v14.12.0-win-x64\node.exe - --hub-domain localhost --hub-domain ramos01.hopto.org
      PID: 3676
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses