Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

b2a713c200...69.jar

windows7-x64

3

b2a713c200...69.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2023, 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2a713c200db40a2516497ba113d3198742535cbb07745e625ce658ace882d69.jar

  • Size

    184KB

  • MD5

    7ce3e372d644ecd63ec9393e12f10f3d

  • SHA1

    9a8fb48b8c803ddb01357dbe4cf2aac845403926

  • SHA256

    b2a713c200db40a2516497ba113d3198742535cbb07745e625ce658ace882d69

  • SHA512

    5e079b575dab0470d813a5ce18b8a6f9dd076335a237c3fa37d12c94e7e0baed03165068d921e16328f86b6cc236e6ca31efb18df735f74e5f7c73ed1b71d5b9

  • SSDEEP

    3072:0L7ikOOC1uBkeQERXx1uQmThP/w6Fr/eU3UcX3adbYkURt20rgy8ZItdUB98ZUuQ:RFOCABkeBSQmThPIoEcX2bYkURkCgy87

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\b2a713c200db40a2516497ba113d3198742535cbb07745e625ce658ace882d69.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\pfjpbuvttb.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Windows\regedit.exe
        "regedit.exe" "C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg"
        3⤵
        • Runs .reg file with regedit
        PID:512
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\nbkcirynm.txt"
        3⤵
          PID:1044

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg
      Filesize

      143B

      MD5

      0e5411d7ecba9a435afda71c6c39d8fd

      SHA1

      2d6812052bf7be1b5e213e1d813ae39faa07284c

      SHA256

      cb68d50df5817e51ec5b2f72893dc4c749bf3504519107e0a78dda84d55f09e2

      SHA512

      903ac6e5c8a12607af267b54bcbbedfa5542c5b4f7ea289ab7c6a32a424d5b846ae406d830cb4ad48e2b46f92c504163c0856af8c3e09685a8855f39f616ddb1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\nbkcirynm.txt
      Filesize

      92KB

      MD5

      b3a05d912b60e2c471f690a04a502ac0

      SHA1

      2a7f45bd33f6e7c01e9d6e214fa019d2b428b1b3

      SHA256

      cc1829c675aeee4047bc29bf4add2bc0f352703645abf5c07c1e22af01268e4d

      SHA512

      99ec58267ada08a29851fb52aa664f619e4cac13b22b9c7c3d01011666da451a49ad547b295bd65ce2bb4e555e8f1b90470c5c978e3ed33e5e077e38d8bf1880

      Download Submit

    • C:\Users\Admin\pfjpbuvttb.js
      Filesize

      845KB

      MD5

      b306aece166677eb58828372a6b9e1d6

      SHA1

      01fee2f330c0479ee5059c2fcf1c7563e8a12df4

      SHA256

      07b29512e4a1d43e3e96fa2c16cd9ddaf9ed8585278ce183caa60e3f2b0e2184

      SHA512

      eff0158d7b0993f34369fc8e04c42e9538cee7410d06aed89e88eb94c71877df82ff6cfe3a9afc43cf182daf70b119e98c3f58ac6f814bdcdaaa58e8a0a46179

      Download Submit

    • memory/512-70-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1044-83-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1044-84-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1044-103-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1984-63-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1984-66-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download