Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

f2be302712...0a.jar

windows7-x64

8

f2be302712...0a.jar

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar

  • Size

    49KB

  • MD5

    c083fea491f147194d3b90d4e48cfa49

  • SHA1

    a5af55828ff27ea611e2eca3f19301297572ef7d

  • SHA256

    f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a

  • SHA512

    c6209ab3684de5e15a4f9a3f2c87d659f63635916945014df6adffdb5126a5bd8c0aaaaf529e5a94aeb922a1136b85bdffbec2cae1bc72cfc4b1104b3bf70f98

  • SSDEEP

    768:9k6CTyR6z0gST8bwui6s0fSxHmB55j25d8jNiTMrHaKFj/ejtTOERqR:9k6C547T4wGsjFC5s5UNEs6KEjtCP

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies registry key 1 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a.jar
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Windows\SYSTEM32\reg.exe
      reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v DOsW1fb3MJ /t REG_SZ /d "\"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt\"" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:1956
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +s +h +r "C:\Users\Admin\AppData\Roaming\BRMEuz4akD\*.*"
      2⤵
      • Sets file to hidden
      • Drops desktop.ini file(s)
      • Views/modifies file attributes
      PID:2828
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +s +h +r "C:\Users\Admin\AppData\Roaming\BRMEuz4akD"
      2⤵
      • Sets file to hidden
      • Views/modifies file attributes
      PID:2700
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:884
      • C:\Windows\SYSTEM32\reg.exe
        reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v DOsW1fb3MJ /t REG_SZ /d "\"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt\"" /f
        3⤵
        • Adds Run key to start application
        • Modifies registry key
        PID:3632

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
    Filesize

    50B

    MD5

    e1ab0096207f1b079c6f6bbb26151ef4

    SHA1

    866d4d5488da29cd5b9aaa6d68d7bd4c4ace21d9

    SHA256

    8e30982965e1f51897d4b16da1cfe83585f0f56e44821decd9fdfb9cbc8e0ccb

    SHA512

    2cfb550825057388ee91fb5a425c4fe2524cba82535ae7f50afe36e2e96352fbe5656b2bd3b367ef8293f0cf510e6c023c9fc582e3f81d60e4e70e952aa93c72

    Download Submit

  • C:\Users\Admin\AppData\Roaming\BRMEuz4akD\Desktop.ini
    Filesize

    63B

    MD5

    e783bdd20a976eaeaae1ff4624487420

    SHA1

    c2a44fab9df00b3e11582546b16612333c2f9286

    SHA256

    2f65fa9c7ed712f493782abf91467f869419a2f8b5adf23b44019c08190fa3f3

    SHA512

    8c883678e4625ef44f4885b8c6d7485196774f9cb0b9eee7dd18711749bcae474163df9965effcd13ecd1a33cd7265010c152f8504d6013e4f4d85d68a901a80

    Download Submit

  • C:\Users\Admin\AppData\Roaming\BRMEuz4akD\puyx8f9QIQ.txt
    Filesize

    49KB

    MD5

    c083fea491f147194d3b90d4e48cfa49

    SHA1

    a5af55828ff27ea611e2eca3f19301297572ef7d

    SHA256

    f2be302712cf964184b2817333fb2a30ddb27ce667af58228fbc0056fe0b360a

    SHA512

    c6209ab3684de5e15a4f9a3f2c87d659f63635916945014df6adffdb5126a5bd8c0aaaaf529e5a94aeb922a1136b85bdffbec2cae1bc72cfc4b1104b3bf70f98

    Download Submit

  • memory/884-178-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-177-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-170-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-179-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-182-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-163-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-171-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/884-169-0x00000000024E0000-0x00000000034E0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4460-174-0x0000000003270000-0x0000000004270000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4460-134-0x0000000003270000-0x0000000004270000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4460-145-0x0000000003270000-0x0000000004270000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4460-137-0x0000000003270000-0x0000000004270000-memory.dmp

    Filesize

    16.0MB

    Download