Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
49s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
25/11/2022, 17:35
Static task
static1
Behavioral task
behavioral1
Sample
f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar
Resource
win10v2004-20220812-en
General
-
Target
f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar
-
Size
49KB
-
MD5
c083fea491f147194d3b90d4e48cfa49
-
SHA1
a5af55828ff27ea611e2eca3f19301297572ef7d
-
SHA256
f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a
-
SHA512
c6209ab3684de5e15a4f9a3f2c87d659f63635916945014df6adffdb5126a5bd8c0aaaaf529e5a94aeb922a1136b85bdffbec2cae1bc72cfc4b1104b3bf70f98
-
SSDEEP
768:9k6CTyR6z0gST8bwui6s0fSxHmB55j25d8jNiTMrHaKFj/ejtTOERqR:9k6C547T4wGsjFC5s5UNEs6KEjtCP
Malware Config
Signatures
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
pid Process 632 attrib.exe 1632 attrib.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run reg.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DOsW1fb3MJ = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\BRMEuz4akD\\puyx8f9QIQ.txt\"" reg.exe -
Drops desktop.ini file(s) 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\BRMEuz4akD\Desktop.ini attrib.exe File created C:\Users\Admin\AppData\Roaming\BRMEuz4akD\Desktop.ini java.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\tem java.exe File opened for modification C:\Windows\tem java.exe -
Modifies registry key 1 TTPs 1 IoCs
pid Process 524 reg.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1480 java.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1480 wrote to memory of 524 1480 java.exe 28 PID 1480 wrote to memory of 524 1480 java.exe 28 PID 1480 wrote to memory of 524 1480 java.exe 28 PID 1480 wrote to memory of 1632 1480 java.exe 30 PID 1480 wrote to memory of 1632 1480 java.exe 30 PID 1480 wrote to memory of 1632 1480 java.exe 30 PID 1480 wrote to memory of 632 1480 java.exe 29 PID 1480 wrote to memory of 632 1480 java.exe 29 PID 1480 wrote to memory of 632 1480 java.exe 29 PID 1480 wrote to memory of 1820 1480 java.exe 31 PID 1480 wrote to memory of 1820 1480 java.exe 31 PID 1480 wrote to memory of 1820 1480 java.exe 31 -
Views/modifies file attributes 1 TTPs 2 IoCs
pid Process 632 attrib.exe 1632 attrib.exe
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480 -
C:\Windows\system32\reg.exereg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v DOsW1fb3MJ /t REG_SZ /d "\"C:\Program Files\Java\jre7\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt\"" /f2⤵
- Adds Run key to start application
- Modifies registry key
PID:524
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Roaming\BRMEuz4akD"2⤵
- Sets file to hidden
- Views/modifies file attributes
PID:632
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Roaming\BRMEuz4akD\*.*"2⤵
- Sets file to hidden
- Drops desktop.ini file(s)
- Views/modifies file attributes
PID:1632
-
-
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt"2⤵PID:1820
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
63B
MD5e783bdd20a976eaeaae1ff4624487420
SHA1c2a44fab9df00b3e11582546b16612333c2f9286
SHA2562f65fa9c7ed712f493782abf91467f869419a2f8b5adf23b44019c08190fa3f3
SHA5128c883678e4625ef44f4885b8c6d7485196774f9cb0b9eee7dd18711749bcae474163df9965effcd13ecd1a33cd7265010c152f8504d6013e4f4d85d68a901a80
-
Filesize
49KB
MD5c083fea491f147194d3b90d4e48cfa49
SHA1a5af55828ff27ea611e2eca3f19301297572ef7d
SHA256f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a
SHA512c6209ab3684de5e15a4f9a3f2c87d659f63635916945014df6adffdb5126a5bd8c0aaaaf529e5a94aeb922a1136b85bdffbec2cae1bc72cfc4b1104b3bf70f98