Analysis

  • max time kernel
    49s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20220901-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    25/11/2022, 17:35

General

  • Target

    f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar

  • Size

    49KB

  • MD5

    c083fea491f147194d3b90d4e48cfa49

  • SHA1

    a5af55828ff27ea611e2eca3f19301297572ef7d

  • SHA256

    f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a

  • SHA512

    c6209ab3684de5e15a4f9a3f2c87d659f63635916945014df6adffdb5126a5bd8c0aaaaf529e5a94aeb922a1136b85bdffbec2cae1bc72cfc4b1104b3bf70f98

  • SSDEEP

    768:9k6CTyR6z0gST8bwui6s0fSxHmB55j25d8jNiTMrHaKFj/ejtTOERqR:9k6C547T4wGsjFC5s5UNEs6KEjtCP

Score
8/10

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\system32\reg.exe
      reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v DOsW1fb3MJ /t REG_SZ /d "\"C:\Program Files\Java\jre7\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt\"" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:524
    • C:\Windows\system32\attrib.exe
      attrib +s +h +r "C:\Users\Admin\AppData\Roaming\BRMEuz4akD"
      2⤵
      • Sets file to hidden
      • Views/modifies file attributes
      PID:632
    • C:\Windows\system32\attrib.exe
      attrib +s +h +r "C:\Users\Admin\AppData\Roaming\BRMEuz4akD\*.*"
      2⤵
      • Sets file to hidden
      • Drops desktop.ini file(s)
      • Views/modifies file attributes
      PID:1632
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt"
      2⤵
        PID:1820

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\BRMEuz4akD\Desktop.ini

    Filesize

    63B

    MD5

    e783bdd20a976eaeaae1ff4624487420

    SHA1

    c2a44fab9df00b3e11582546b16612333c2f9286

    SHA256

    2f65fa9c7ed712f493782abf91467f869419a2f8b5adf23b44019c08190fa3f3

    SHA512

    8c883678e4625ef44f4885b8c6d7485196774f9cb0b9eee7dd18711749bcae474163df9965effcd13ecd1a33cd7265010c152f8504d6013e4f4d85d68a901a80

  • C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt

    Filesize

    49KB

    MD5

    c083fea491f147194d3b90d4e48cfa49

    SHA1

    a5af55828ff27ea611e2eca3f19301297572ef7d

    SHA256

    f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a

    SHA512

    c6209ab3684de5e15a4f9a3f2c87d659f63635916945014df6adffdb5126a5bd8c0aaaaf529e5a94aeb922a1136b85bdffbec2cae1bc72cfc4b1104b3bf70f98

  • memory/1480-54-0x000007FEFB9E1000-0x000007FEFB9E3000-memory.dmp

    Filesize

    8KB

  • memory/1480-64-0x00000000020E0000-0x00000000050E0000-memory.dmp

    Filesize

    48.0MB

  • memory/1820-82-0x00000000020A0000-0x00000000050A0000-memory.dmp

    Filesize

    48.0MB

  • memory/1820-83-0x00000000020A0000-0x00000000050A0000-memory.dmp

    Filesize

    48.0MB