Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1jar-infect...ib.dll
windows7-x64
1jar-infect...ib.dll
windows10-2004-x64
1jar-infect...er.exe
windows7-x64
1jar-infect...er.exe
windows10-2004-x64
jar-infect...config
windows7-x64
3jar-infect...config
windows10-2004-x64
3jar-infect...ll.dll
windows7-x64
1jar-infect...ll.dll
windows10-2004-x64
1jar-infect...ck.dll
windows7-x64
1jar-infect...ck.dll
windows10-2004-x64
1jar-infect...rs.dll
windows7-x64
1jar-infect...rs.dll
windows10-2004-x64
1jar-infect...ry.dll
windows7-x64
1jar-infect...ry.dll
windows10-2004-x64
1jar-infect...rs.dll
windows7-x64
1jar-infect...rs.dll
windows10-2004-x64
1jar-infect...fe.dll
windows7-x64
1jar-infect...fe.dll
windows10-2004-x64
1jar-infect...ns.dll
windows7-x64
1jar-infect...ns.dll
windows10-2004-x64
1Analysis
-
max time kernel
1199s -
max time network
877s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
08/06/2023, 21:13
Static task
static1
Behavioral task
behavioral1
Sample
jar-infection-scanner/ICSharpCode.SharpZipLib.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
jar-infection-scanner/ICSharpCode.SharpZipLib.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
jar-infection-scanner/JarInfectionScanner.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
jar-infection-scanner/JarInfectionScanner.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
jar-infection-scanner/JarInfectionScanner.exe.config
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
jar-infection-scanner/JarInfectionScanner.exe.config
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
jar-infection-scanner/Microsoft.WindowsAPICodePack.Shell.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
jar-infection-scanner/Microsoft.WindowsAPICodePack.Shell.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
jar-infection-scanner/Microsoft.WindowsAPICodePack.dll
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
jar-infection-scanner/Microsoft.WindowsAPICodePack.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
jar-infection-scanner/System.Buffers.dll
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
jar-infection-scanner/System.Buffers.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
jar-infection-scanner/System.Memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
jar-infection-scanner/System.Memory.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
jar-infection-scanner/System.Numerics.Vectors.dll
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
jar-infection-scanner/System.Numerics.Vectors.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
jar-infection-scanner/System.Runtime.CompilerServices.Unsafe.dll
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
jar-infection-scanner/System.Runtime.CompilerServices.Unsafe.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
jar-infection-scanner/System.Threading.Tasks.Extensions.dll
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
jar-infection-scanner/System.Threading.Tasks.Extensions.dll
Resource
win10v2004-20230220-en
General
-
Target
jar-infection-scanner/JarInfectionScanner.exe.config
-
Size
541B
-
MD5
037326d0ede5d00677cb80c074cdc349
-
SHA1
7ccf99ccd09a494a8b8ee5e941f6b1592bdebbd5
-
SHA256
430741f4242a67dd22264a71481ad55a7ecd339da5a8433b8d5a41c63fc4b8ee
-
SHA512
c269cb06f05eb2c16e48393ff39cc1bc3986f2c4c31e24496db1bf9079b60ee83a10f61c304fd1e649cc3dcdeb0085c3071eabf098b544e3985ffe9ecfe9c329
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_Classes\Local Settings cmd.exe -
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
pid Process 1512 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1512 AcroRd32.exe 1512 AcroRd32.exe 1512 AcroRd32.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1740 wrote to memory of 1512 1740 cmd.exe 29 PID 1740 wrote to memory of 1512 1740 cmd.exe 29 PID 1740 wrote to memory of 1512 1740 cmd.exe 29 PID 1740 wrote to memory of 1512 1740 cmd.exe 29
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\jar-infection-scanner\JarInfectionScanner.exe.config1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1740 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\jar-infection-scanner\JarInfectionScanner.exe.config"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of SetWindowsHookEx
PID:1512
-