Analysis

  • max time kernel
    82s
  • max time network
    91s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2023, 21:00

General

  • Target

    OpenJDK17U-jdk_x64_windows_hotspot_17.0.8_7.msi

  • Size

    159.9MB

  • MD5

    4e0e133213c232dad28206647a3dcb9e

  • SHA1

    8d91e617a97c48f6f1e1ab199e15c7fcce0f23ef

  • SHA256

    f045a19606c92d1fb64a3aec9d0f9dffbeaf08a794d9ec7e2c7a316bc016979e

  • SHA512

    5164d05b4596b3b01724958cf9823818cd68604cae3e1337b4c47959032524eee6e76cfbb2d3c53d792b096fda42ce88cc7d2dab6c8cea90a8e5ab59de84dfb4

  • SSDEEP

    3145728:9XIqPHg1tI+IaCjAdvQTnRWXLgplTmvonQegjejY:990tI+IcyaLCgvwQcM

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 11 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments. In this report the signature fires on vssvc.exe (PID 648), the Volume Shadow Copy service, while srtasks.exe is creating a restore point; VSS enumerates disk devices as part of taking a snapshot, so here the read is an installer side effect rather than evasion unless the same access turns up in the package's own code.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 35 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots. Here it runs alongside srtasks.exe ExecuteScopeRestorePoint (PID 2496), the System Restore point Windows Installer requests before an install; the HarddiskVolumeShadowCopy and System Volume Information entries under Downloads are artefacts of that restore point, not files written by the package.

Processes

  • C:\Windows\system32\msiexec.exe (PID 2376, top level)
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\OpenJDK17U-jdk_x64_windows_hotspot_17.0.8_7.msi
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
  • C:\Windows\system32\msiexec.exe (PID 3368, top level)
    C:\Windows\system32\msiexec.exe /V
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\srtasks.exe (PID 2496, child of 3368)
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    • C:\Windows\syswow64\MsiExec.exe (PID 4872, child of 3368)
      C:\Windows\syswow64\MsiExec.exe -Embedding D46BA90E122A2EB0866D894110B8066D
      • Loads dropped DLL
  • C:\Windows\system32\vssvc.exe (PID 648, top level)
    C:\Windows\system32\vssvc.exe
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
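A way to rebuild the tree above from its depth levels and apply the checks a practitioner wants from an MSI install, as an added example written for this page; it is not code from Triage or from Eclipse Adoptium. The process records are transcribed from the Processes section (depth 1 = top level, depth 2 = child of the preceding top-level entry); the triage rules and their names are the editor's own assumptions about what a normal Windows Installer run looks like.

```python
"""Rebuild a sandbox process tree from depth-marked entries and run
MSI-aware triage rules over it (added example; records transcribed from
the report, rules are the editor's own)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    image: str
    cmdline: str
    pid: int
    depth: int                       # 1 = top level, 2 = child of the nearest depth-1 entry above
    signatures: list
    parent: Optional["Proc"] = None
    children: list = field(default_factory=list)


# Constructed from the Processes section of this report: (depth, image, command line, pid, signatures).
LISTING = [
    (1, r"C:\Windows\system32\msiexec.exe",
     r"msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\OpenJDK17U-jdk_x64_windows_hotspot_17.0.8_7.msi", 2376,
     ["Blocklisted process makes network request", "Enumerates connected drives",
      "Suspicious use of AdjustPrivilegeToken", "Suspicious use of FindShellTrayWindow"]),
    (1, r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V", 3368,
     ["Enumerates connected drives", "Drops file in Program Files directory", "Drops file in Windows directory",
      "Modifies data under HKEY_USERS", "Modifies registry class", "Suspicious behavior: EnumeratesProcesses",
      "Suspicious use of AdjustPrivilegeToken", "Suspicious use of WriteProcessMemory"]),
    (2, r"C:\Windows\system32\srtasks.exe",
     r"C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2", 2496, []),
    (2, r"C:\Windows\syswow64\MsiExec.exe",
     r"C:\Windows\syswow64\MsiExec.exe -Embedding D46BA90E122A2EB0866D894110B8066D", 4872,
     ["Loads dropped DLL"]),
    (1, r"C:\Windows\system32\vssvc.exe", r"C:\Windows\system32\vssvc.exe", 648,
     ["Checks SCSI registry key(s)", "Suspicious use of AdjustPrivilegeToken"]),
]


def build_tree(listing):
    """Link every entry to the nearest preceding entry with a smaller depth."""
    procs, stack = [], []
    for depth, image, cmdline, pid, sigs in listing:
        p = Proc(image, cmdline, pid, depth, list(sigs))
        while stack and stack[-1].depth >= depth:
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs


def parent_pid(procs, pid):
    for p in procs:
        if p.pid == pid:
            return p.parent.pid if p.parent else None
    raise KeyError(pid)


def triage_tree(procs):
    """Return (rule, pid) findings. The rules encode the shape of a normal MSI install:
    the client (msiexec /I) hands the package to the Windows Installer service (msiexec /V),
    which has System Restore create a restore point (srtasks.exe) and spawns MsiExec -Embedding
    custom action servers. Deviations from that shape are what deserve a closer look."""
    restore_point = any("executescoperestorepoint" in p.cmdline.lower() for p in procs)
    findings = []
    for p in procs:
        name = p.image.rsplit("\\", 1)[-1].lower()
        cmd = p.cmdline.lower()
        if name == "msiexec.exe" and "-embedding" in cmd:
            # A custom action server should be a child of the installer service, not of the
            # client or of an unrelated process; a syswow64 path marks the 32-bit server.
            if p.parent is None or not p.parent.cmdline.lower().endswith(" /v"):
                findings.append(("custom-action-server-unexpected-parent", p.pid))
            if "Loads dropped DLL" in p.signatures:
                arch = "x86" if "\\syswow64\\" in p.image.lower() else "x64"
                findings.append((f"custom-action-loads-dropped-dll-{arch}", p.pid))
        if name == "vssvc.exe" and "Checks SCSI registry key(s)" in p.signatures:
            # VSS touches SCSI device keys while taking a snapshot; with a restore point being
            # created that is expected, without one the same signature needs an explanation.
            findings.append(("scsi-read-expected" if restore_point else "scsi-read-unexplained", p.pid))
        if "Blocklisted process makes network request" in p.signatures:
            findings.append((f"network-request-{name}", p.pid))
    return findings


if __name__ == "__main__":
    for rule, pid in triage_tree(build_tree(LISTING)):
        print(f"{rule:45s} pid={pid}")
```

Run stand-alone on this report's records it yields three findings: the 32-bit custom action server (PID 4872) loaded a dropped DLL, the SCSI read by vssvc.exe is accounted for by the restore point in progress, and the network request came from the client msiexec.exe (PID 2376). The first is where to spend time, because an MSI's custom action DLL is the package's own code executing inside a Windows-signed host process.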

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Config.Msi\e581eee.rbs

      Filesize

      137KB

      MD5

      647d6a341907fc3ca6312d9779e02f51

      SHA1

      52a613734c147a8758d2ba89fec7019d886b875c

      SHA256

      baae0f6e589f94c5160e9a4c2b110b1ac0906444d0ece0c7de249d3ccae9dc6e

      SHA512

      15179873f395699e62a799c966e45dc03f090009503fc48c0857a5b813a156256ea4c35c7ab44ac41b5dd21605dcdb7db4d9a94928c94c0cb572929a155c6530

    • C:\Program Files\Eclipse Adoptium\jdk-17.0.8.7-hotspot\legal\java.datatransfer\LICENSE

      Filesize

      33B

      MD5

      16989bab922811e28b64ac30449a5d05

      SHA1

      51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

      SHA256

      86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

      SHA512

      86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

    • C:\Program Files\Eclipse Adoptium\jdk-17.0.8.7-hotspot\legal\jdk.javadoc\ASSEMBLY_EXCEPTION

      Filesize

      44B

      MD5

      7caf4cdbb99569deb047c20f1aad47c4

      SHA1

      24e7497426d27fe3c17774242883ccbed8f54b4d

      SHA256

      b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

      SHA512

      a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

    • C:\Program Files\Eclipse Adoptium\jdk-17.0.8.7-hotspot\legal\jdk.security.auth\ADDITIONAL_LICENSE_INFO

      Filesize

      49B

      MD5

      19c9d1d2aad61ce9cb8fb7f20ef1ca98

      SHA1

      2db86ab706d9b73feeb51a904be03b63bee92baf

      SHA256

      ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

      SHA512

      7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7BC5F90409EE2E35163A2912D5491BD6

      Filesize

      727B

      MD5

      1a59c624ef860111c6cdf268cd6db751

      SHA1

      40105c2443138b7f282673713f90a0d36bc76c44

      SHA256

      2af3fbda392ee0ce473ae4f493eab17d1c53450900a255211496db6dbfa7c20d

      SHA512

      d9879d833d4fedaada6de919cd1c999e8df9b7ebe5d363e64dc58faf4e044893154a73766aadb84c467c9257b42b9ab4a36340e9161f6a49f423394a12d79c32

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      727B

      MD5

      d57efbd2a833cd2e829e827fcfc81017

      SHA1

      731e8a4ae9514993874e65e7ad28fe0796fddd0a

      SHA256

      6cb5dda1d35b946c2b3fa9836405903c57e1361d5bae4a947711e4863d766608

      SHA512

      e295e34ea35b457c0f07518d077d48c4b7ba996035fa27e044b6bbdb3578f042898c747e9e7a747d45ac18567448754d9c4686b21781928712cefe61c70445fd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7BC5F90409EE2E35163A2912D5491BD6

      Filesize

      404B

      MD5

      0d3f333b53d551f7926fbbb9c3ff37c1

      SHA1

      a1c4f93eedc46f02b847e4fdc636831ac82a433c

      SHA256

      1001c0cab19a8ceda222ec8c44ad92a4ea37662b49bd662f2199f2ada656fbd5

      SHA512

      6d2cb30a76218e756845cab11b3b75cd8806aa41c33f115ab442c304f0a6810a0f04970a4e11f7630c2188b481d53eab2fb4b80662616d2378d8d856cad7ef2b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      412B

      MD5

      0bc824b00db081692a2925092e01de9b

      SHA1

      18a426e2a5ac98ff051f5f0b13394100090fb506

      SHA256

      268b6e79d243e06cb09c951945a1fe016a4f7f94ad0636262c7857871ff85571

      SHA512

      96cfc962450d3edeb2b748c802306946b494e6f26849b1894a0a257e069422f0351f7db9558ec6a3f681d02302d1ce87f4eda71a3f2d075438faf916ca168ebf

    • C:\Windows\Installer\MSI24D9.tmp

      Filesize

      215KB

      MD5

      5a36af31695af76ce3aa1507611fe5bd

      SHA1

      255787a75d37258a02e6f0d19a83d96b46654d80

      SHA256

      17a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118

      SHA512

      b3611dba29d3f32d3fdbc5ec0a6fdacdee7e41406f0089f65c64e68219114d364e7f44616f06ce9c5f0ba3280edd35115d9e93924a46ae91e1dce5ab6efd567d

    • C:\Windows\Installer\e581eed.msi

      Filesize

      159.9MB

      MD5

      4e0e133213c232dad28206647a3dcb9e

      SHA1

      8d91e617a97c48f6f1e1ab199e15c7fcce0f23ef

      SHA256

      f045a19606c92d1fb64a3aec9d0f9dffbeaf08a794d9ec7e2c7a316bc016979e

      SHA512

      5164d05b4596b3b01724958cf9823818cd68604cae3e1337b4c47959032524eee6e76cfbb2d3c53d792b096fda42ce88cc7d2dab6c8cea90a8e5ab59de84dfb4

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

      Filesize

      23.0MB

      MD5

      47fab06a73f051b018a1b920905f7c15

      SHA1

      fab6e82225c329389039f626000935dcdd11b337

      SHA256

      104721a967dbb87f27c832976f420902362b82b32e1853d1bcc10057626008d8

      SHA512

      f4e7b3cb6409c27e4da429cb3b4cc31cfa5fbd5f45b841c0ae007d1f838ba82e36f4a5641979a5b8a12aff9ff4fc8abe26f2bbdd79c3b9e37ecdc45a90feed0b

    • \??\Volume{87184775-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e82f50d3-223f-47f5-9845-7035d547525b}_OnDiskSnapshotProp

      Filesize

      5KB

      MD5

      d0c9c3a1590eb229510a89881b55b276

      SHA1

      53b11bbacd6ca1716587cc12dc3688852b9533a0

      SHA256

      2acdfaae8b0a09b22dcc8a62be820420712a303e63c712af885f4be6004beacd

      SHA512

      25133ab7d79215cbee12eb2503e27d1618f9a96860105181f761118574a1409f7c00f0ebf56952392324e87980942350c429bfa37f3e63cf4a8474989f01a872
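As an added example for the dropped-file list above (written for this page, not Triage's or Adoptium's code), the entries are transcribed into a short script that groups them by SHA256 and buckets each path by the part of an MSI install that produces it. The bucket names and the interpretation in the comments are the editor's assumptions; the hashes are the report's.

```python
"""Group a sandbox report's dropped files by content hash and classify their
paths by what produced them during an MSI install (added example; entries
transcribed from the report, classification rules are the editor's own)."""
import hashlib
from collections import defaultdict

# Submitted sample (General section of this report).
TARGET_SHA256 = "f045a19606c92d1fb64a3aec9d0f9dffbeaf08a794d9ec7e2c7a316bc016979e"

# Constructed from the Downloads section: (path, sha256).
DROPPED = [
    (r"C:\Config.Msi\e581eee.rbs", "baae0f6e589f94c5160e9a4c2b110b1ac0906444d0ece0c7de249d3ccae9dc6e"),
    (r"C:\Program Files\Eclipse Adoptium\jdk-17.0.8.7-hotspot\legal\java.datatransfer\LICENSE",
     "86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192"),
    (r"C:\Program Files\Eclipse Adoptium\jdk-17.0.8.7-hotspot\legal\jdk.javadoc\ASSEMBLY_EXCEPTION",
     "b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a"),
    (r"C:\Program Files\Eclipse Adoptium\jdk-17.0.8.7-hotspot\legal\jdk.security.auth\ADDITIONAL_LICENSE_INFO",
     "ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7BC5F90409EE2E35163A2912D5491BD6",
     "2af3fbda392ee0ce473ae4f493eab17d1c53450900a255211496db6dbfa7c20d"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141",
     "6cb5dda1d35b946c2b3fa9836405903c57e1361d5bae4a947711e4863d766608"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7BC5F90409EE2E35163A2912D5491BD6",
     "1001c0cab19a8ceda222ec8c44ad92a4ea37662b49bd662f2199f2ada656fbd5"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141",
     "268b6e79d243e06cb09c951945a1fe016a4f7f94ad0636262c7857871ff85571"),
    (r"C:\Windows\Installer\MSI24D9.tmp", "17a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118"),
    (r"C:\Windows\Installer\e581eed.msi", "f045a19606c92d1fb64a3aec9d0f9dffbeaf08a794d9ec7e2c7a316bc016979e"),
    (r"\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2",
     "104721a967dbb87f27c832976f420902362b82b32e1853d1bcc10057626008d8"),
    (r"\??\Volume{87184775-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e82f50d3-223f-47f5-9845-7035d547525b}_OnDiskSnapshotProp",
     "2acdfaae8b0a09b22dcc8a62be820420712a303e63c712af885f4be6004beacd"),
]


def classify(path):
    """Bucket a dropped-file path by what produces it during an MSI install (editor's rules)."""
    p = path.lower()
    if "\\system volume information\\" in p or "harddiskvolumeshadowcopy" in p:
        return "vss-restore-point"       # written by System Restore / VSS, not by the package
    if p.startswith("c:\\windows\\installer\\msi") and p.endswith(".tmp"):
        return "msi-extracted-tmp"       # MSIxxxx.tmp: where Windows Installer extracts custom action binaries
    if p.startswith("c:\\windows\\installer\\") and p.endswith(".msi"):
        return "msi-cached-package"      # installer-cache copy; should hash-match the submitted package
    if p.startswith("c:\\config.msi\\") and p.endswith(".rbs"):
        return "msi-rollback-script"
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-url-cache"     # CryptoAPI's cache of CRL/OCSP/certificate fetches
    if p.startswith("c:\\program files\\"):
        return "installed-file"
    return "other"


def triage_drops(entries, target_sha256):
    by_hash = defaultdict(list)
    by_class = defaultdict(list)
    for path, sha in entries:
        by_hash[sha].append(path)
        by_class[classify(path)].append(path)
    return {
        "copies_of_sample": by_hash.get(target_sha256, []),
        "same_content_groups": [paths for paths in by_hash.values() if len(paths) > 1],
        "by_class": dict(by_class),
    }


def sha256_hex(data: bytes) -> str:
    """Hash a local copy so it can be compared with the SHA256 the report gives."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for key, value in triage_drops(DROPPED, TARGET_SHA256).items():
        print(key, value)
```

For this report the only dropped file whose hash matches the submitted sample is the installer-cache copy C:\Windows\Installer\e581eed.msi, the shadow-copy and System Volume Information paths are restore-point artefacts, and the CryptnetUrlCache entries are CryptoAPI's download cache, consistent with certificate-chain and revocation fetches while msiexec.exe validated the signed package (the network request the report attributes to PID 2376). That leaves C:\Windows\Installer\MSI24D9.tmp as the artefact to pull and inspect: a 215KB binary extracted under Windows\Installer is where custom action code lands, and the process tree shows the 32-bit MsiExec -Embedding server loading a dropped DLL.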