Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

ja-netfilter.jar

windows7-x64

1

ja-netfilter.jar

windows10-2004-x64

7

plugins-je...ns.jar

windows7-x64

1

plugins-je...ns.jar

windows10-2004-x64

7

plugins-je...me.jar

windows7-x64

1

plugins-je...me.jar

windows10-2004-x64

7

plugins-je...er.jar

windows7-x64

1

plugins-je...er.jar

windows10-2004-x64

7

plugins-je...rl.jar

windows7-x64

1

plugins-je...rl.jar

windows10-2004-x64

7

scripts/in...rs.vbs

windows7-x64

3

scripts/in...rs.vbs

windows10-2004-x64

7

scripts/in...er.vbs

windows7-x64

1

scripts/in...er.vbs

windows10-2004-x64

1

scripts/install.sh

ubuntu-18.04-amd64

3

scripts/install.sh

debian-9-armhf

3

scripts/install.sh

debian-9-mips

3

scripts/install.sh

debian-9-mipsel

1

scripts/un...rs.vbs

windows7-x64

3

scripts/un...rs.vbs

windows10-2004-x64

7

scripts/un...er.vbs

windows7-x64

1

scripts/un...er.vbs

windows10-2004-x64

1

scripts/uninstall.sh

ubuntu-18.04-amd64

3

scripts/uninstall.sh

debian-9-armhf

3

scripts/uninstall.sh

debian-9-mips

3

scripts/uninstall.sh

debian-9-mipsel

3

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/12/2023, 09:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    plugins-jetbrains/dns.jar

  • Size

    4KB

  • MD5

    4f3c516c1704a5569725246d57dd1ae7

  • SHA1

    4e8693b5a7a3837cf7f6db0c4f1316f376d34721

  • SHA256

    d1150b1831b112b93d74a34a10ce6c11606e0d2255d532c29f91f1d92b40a552

  • SHA512

    f885fc751e9035944489578bb037f05521c6258c377c0c7bf8b8d10b799063e6e529c715ecebf9729724f0497f588803d7d463fbb70f5efbd73952624f60d08e

  • SSDEEP

    96:LSyBi1RBhx1yI/OEEKXejuu9lSx/xowSpTz7g8nJfTfTX:LSx1RBhx1y0OPhox/6fpTvgeRTfTX

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\plugins-jetbrains\dns.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    a7a3eb7df285b94d688079f4b85a1456

    SHA1

    289ec43605502b267271e404df19a2d54c1d39cf

    SHA256

    578237479a68a98b50ae299b45602e5d0610e2b320be9c939f17612b0a2104d7

    SHA512

    704584c4104b62151f6fe0f3f9b5ebd11eb49c48bc136ffbc5dbaa6908840bfe481bd3352681ab8b699e0d810bab21b3f2a71f8ccb651dd4ab020f804320a187

    Download Submit

  • memory/3980-4-0x0000026100000000-0x0000026101000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3980-12-0x0000026175ED0000-0x0000026175ED1000-memory.dmp

    Filesize

    4KB

    Download