Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

classes/ja....class

windows7-x64

3

classes/ja....class

windows10-2004-x64

3

classes/ja....class

windows7-x64

3

classes/ja....class

windows10-2004-x64

3

classes/ja....class

windows7-x64

3

classes/ja....class

windows10-2004-x64

3

classes/mo....class

windows7-x64

3

classes/mo....class

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/06/2023, 14:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    classes/javax/transaction/xa/XAResource.class

  • Size

    1KB

  • MD5

    c202413e0488d04febf41a27d7c03d7e

  • SHA1

    5541dcfb68207a0e4d7ba15bf3041168d720c5bf

  • SHA256

    136e8ff22db14721381abae8a840203bca732d95e76214749b9959bbbb1be54a

  • SHA512

    269964e8e63f52a9a094def51942ba3545a97af43d2e1c4ae4f5830d73e50d89709b7201b11dc1350689683a4fd65d9f16633181222b39d21eddbcf326dc71ca

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\classes\javax\transaction\xa\XAResource.class
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\classes\javax\transaction\xa\XAResource.class
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:520
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\classes\javax\transaction\xa\XAResource.class"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1876

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    decad4f75897f96abe654a759962128c

    SHA1

    bd19a0ebcfda274c676f0ebb2cf22874268a9cbf

    SHA256

    db1d6b708f61a4e4e5eea7f46140649d67059b2304f186628fa064dfe496e077

    SHA512

    43b15fb75cb3c247ae37051dfc653785daad3d50dadfa73750aa5103ecd86a4ded5238676f9c38c6e622dda9d545fc74ca0ca27f1f390d4c3e125040a126ba8e

    Download Submit