Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    01/06/2023, 15:31

General

  • Target

    api-4.0.1.jar

  • Size

    9KB

  • MD5

    b0486a4b1c8b9caa2d5a98990f529260

  • SHA1

    e0bc67c8f5cc2b2ff3915218d9ebcba58540680b

  • SHA256

    2b5afdb55a96b1bfa3d93d2099af38247b48dad1b9084f3a062a441797035970

  • SHA512

    2d1df36abbdaaf1b8beb48e4f1fe0de0c4128036c13eb7303975f74db28b435a78cc140cc5726c538ca184923dc6ea5dcfd03a146863f16cb935b6492c13a0af

  • SSDEEP

    192:8qcHqcLObQXl0lbGItDFyhQOfzE0nQeCz3fEbJflcZCjZujXFMVw:8V3ObElauois3fEbtlNjuXCW

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\api-4.0.1.jar
    1⤵
      PID:2052
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4408
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3920
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.0.2057823872\1879147803" -parentBuildID 20221007134813 -prefsHandle 1664 -prefMapHandle 1652 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76bd22af-31a5-4fdd-8bc0-3c88f0d7341a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 1732 1fb23e19f58 gpu
          3⤵
            PID:4308
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.1.637709808\239634876" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28f167c0-b6ed-4070-86fa-34868a896a0e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 2088 1fb22c12558 socket
            3⤵
              PID:3108
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.2.1457132614\1441022822" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2872 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac95cb4d-1d0c-45ee-a76f-a76432b33c0a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 2908 1fb22c96c58 tab
              3⤵
                PID:4828
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.3.1794822295\594032226" -childID 2 -isForBrowser -prefsHandle 1060 -prefMapHandle 1056 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0919738f-0055-46df-a799-04564e7c7948} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3296 1fb17767e58 tab
                3⤵
                  PID:3204
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.4.269597638\820784918" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1410fa-a799-49ac-a623-330dac9d0fee} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3764 1fb27f78a58 tab
                  3⤵
                    PID:5064
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.5.282010447\289821001" -childID 4 -isForBrowser -prefsHandle 4712 -prefMapHandle 4440 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d2d3b0-a598-4acc-af78-56a7410674e6} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4748 1fb2993c258 tab
                    3⤵
                      PID:2672
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.6.1928548611\1820906368" -childID 5 -isForBrowser -prefsHandle 4880 -prefMapHandle 4884 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cb6d0ac-7572-41d7-8b54-e20efbe30b22} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4872 1fb2993ce58 tab
                      3⤵
                        PID:1984
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.7.658142441\913870292" -childID 6 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {984b70f7-503e-4a44-a985-50df010691cc} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5060 1fb2993b358 tab
                        3⤵
                          PID:4300
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.8.258334122\1858071577" -childID 7 -isForBrowser -prefsHandle 3132 -prefMapHandle 3144 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4cb2f07-cfa7-4ce1-8954-0f2e0a9bf9d8} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 2740 1fb1776ca58 tab
                          3⤵
                            PID:4768

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 150KB
    MD5: 1624b12ac24a87c7092c667a8d5d9502
    SHA1: 6c576ff7dcc3ff5c300887e5fcb1991bc1356f31
    SHA256: 76390342f994cdcc32301df92dc3cd5b7ffa84c97f2068c46f0db78555965617
    SHA512: 9f24734cf863f72b66befc6631257df1686fba149f1a9eb0b518364ed0146085ff14e6ede7e9cb6ef19407db3ac9e4991cc8000b1af8752b03e1e8d05ee8232e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
    Filesize: 6KB
    MD5: c205c8a6591363331cd60c7286ad4ac1
    SHA1: 7d4c89374e88116484984f5d0b5df0d59aa63ecf
    SHA256: 81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0
    SHA512: fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 189d7ebc93631fe5c39f31ae7a938fda
    SHA1: bdabab74addd799823e070157bfaaf8b5ebe31e3
    SHA256: 5f10967b48a242e49238aa4c03e614c04a94138c520273949a51498007bb05ed
    SHA512: f144e76273cb2e1c784688b6d88dc15c352c09e4e3a32899417576d6839124f7215523850f825bce6f0d5fc577bac48826dc244e5f12f0cbd17eefa075cac581

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 05b88cea358c3877ac31b00e5ad3045e
    SHA1: dec7aae39554af7f87c2b7c03b554d352eddc803
    SHA256: 7f41953b146a541a8fff57c1ac03e67cf3cdf428dc3f96b32dbc398ec0411fb7
    SHA512: f79efee8afde4e2fb6aa892a9881dfd3f5774930321a5ca4106f5a594266745c38d73fb9b2394a20fb427b2e88171177ee52f94921f2d517e2e249cc9e810c16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: cda01972be33876fc777def893b09b7b
    SHA1: 1a8f83f34beeb569a5d2e2e1cd45a7ecd3d90e3d
    SHA256: 69cd4e0ad3ce91f42268cd122561190a4c238e8b7b963b0cf97ec47c5e3bf709
    SHA512: 19769948f3cbe39be43978030ddf511fc63386b2e221043dbd900f8c8a97b2a713154b680e97cff789ad635e25781c86f5b05f32abee5f688067df2de54f15fe

  • memory/2052-131-0x00000000020F0000-0x00000000020F1000-memory.dmp
    Filesize: 4KB