Analysis

  • max time kernel
    123s
  • max time network
    140s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    22/02/2024, 15:25

General

  • Target
    weka-3-9-6-azul-zulu-windows.exe
  • Size
    126.9MB
  • MD5
    6a1b2c1bfb5622c104ac8bd3d6248f3f
  • SHA1
    10b213eb1c3a54030eeb9b2cdfa2c4e0b7a6ae4f
  • SHA256
    e21d58bd08e5380dbac2aa665c0371f126dab74a4420cc949fa1c1a16e860c92
  • SHA512
    518fdb0a4ddca54060d1905e8fb923d3f9cd952855cb55858220f2075e1ac6304882d23d5cecbc1c95a21db792ec3e8c3193be5a6c3d28ab31ddbeedaba145da
  • SSDEEP
    3145728:QvWG6EVGRZGAKa+LYlVHQqxY7NFdp8eIPhtcv+JMUI:QMRKjU7mRxB7+WUI

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  • Drops file in Program Files directory (64 IoCs)
  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (41 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\weka-3-9-6-azul-zulu-windows.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\weka-3-9-6-azul-zulu-windows.exe"
    PID: 2588
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
  • C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID: 4736
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      PID: 708
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Weka-3-9-6\Weka 3.9.6.lnk
    Filesize: 2KB
    MD5: e9248ba5f6ef9b25bad614058047e8a4
    SHA1: cbf049d65ad37e92f1026ce3ad74131632936683
    SHA256: a1020d183a038fdb538d483f27aceec343942622df69a311131148b05b741e16
    SHA512: 3a250dbaaba0af0154674f23afdbd58d05a6701d9cec676c7d37f1dcbae4b20cb57f7f0d2f86380d4042ae72445189daaee2bceecd257f7b6cb67a31096577c2

  • C:\Program Files\Weka-3-9-6\jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\legal\java.logging\ADDITIONAL_LICENSE_INFO
    Filesize: 49B
    MD5: 19c9d1d2aad61ce9cb8fb7f20ef1ca98
    SHA1: 2db86ab706d9b73feeb51a904be03b63bee92baf
    SHA256: ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9
    SHA512: 7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

  • C:\Program Files\Weka-3-9-6\jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\legal\java.logging\ASSEMBLY_EXCEPTION
    Filesize: 44B
    MD5: 7caf4cdbb99569deb047c20f1aad47c4
    SHA1: 24e7497426d27fe3c17774242883ccbed8f54b4d
    SHA256: b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a
    SHA512: a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

  • C:\Program Files\Weka-3-9-6\jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\legal\java.logging\LICENSE
    Filesize: 33B
    MD5: 16989bab922811e28b64ac30449a5d05
    SHA1: 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
    SHA256: 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
    SHA512: 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weka 3.9.6\Weka 3.9.6 (with console).lnk
    Filesize: 2KB
    MD5: d7309ca21ce2165b420f2aa62cf9fc8d
    SHA1: 3c905b0618b4b733a4856dd3e6845d5f2fff12cf
    SHA256: 82cc307a9cdfa7fe043eb40e0cbfd4f3e5d735bd86256a2facf80f3e0bc401d3
    SHA512: 3068cbb75da0ded7eec5af5e862ac5be70c520f1530dea917d99a8f0a2a40ec8464f1431e23db28b53370e7754fd8c7fd6e14d7df63bfc41d778d9564dfca624

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize: 11KB
    MD5: dca1ccce8f08c937ebced15be33e8427
    SHA1: 5ce02d5ed988aa6d5730f3272b9f72acd4b8f296
    SHA256: 7e206ec193b1873baed8ac4a9cd7409b85784f9df3c3cfb6de6470befcc6ada0
    SHA512: c05c8e8a26955c51565b8a6c46403d174709cd2e7eb33a0cd4f60dd650eb41d7721a356a35a12ea7d956f0f7c3e45fa77e0f8b2d8e5adf9daf45411944cf9783

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize: 11KB
    MD5: 8b9452f58585cfebf47d229ac440f983
    SHA1: 270f86f49ecbdf9a55a33ebfb3fcd0b8edf9b3db
    SHA256: 1775c4816124370f34ba147e681e79c1d3b406e4c01fde065a0f4bc670adf170
    SHA512: f642c5d1f5b3004f485d00795f08fbde3774cd8987ed3e4397d23764f64276a785ddae1f5f955f15adbdffd06b663537e7d7aafe43fe3a8cd5c95f2eb42498ae

  • C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 5f35212d7e90ee622b10be39b09bd270
    SHA1: c4bc9593902adf6daaef37e456dc6100d50d0925
    SHA256: 31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d
    SHA512: 7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

  • C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\StartMenu.dll
    Filesize: 7KB
    MD5: 26836307758e048d1ce0afe754d6a972
    SHA1: 23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc
    SHA256: a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534
    SHA512: aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

  • C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\System.dll
    Filesize: 11KB
    MD5: fccff8cb7a1067e23fd2e2b63971a8e1
    SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
    SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
    SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

  • C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\ioSpecial.ini
    Filesize: 682B
    MD5: 7a2da161ad93c50ffc64ecfeb38a8db4
    SHA1: 67bfa80aedf6db75e1c1c8a9a771348f053d47b7
    SHA256: 60d0de99dab041f28eab5bdb5935a219c4db0789053e00b620aaee693eb0b4ca
    SHA512: f7b908975ca6c7492c804f90db8dd8e1201021828c06970f1c7130a4ab6cacdc8b8ea2302e48f6cf7b9f1865922513d83c84539e11c72ebb26616dede092cdda

  • C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\ioSpecial.ini
    Filesize: 533B
    MD5: 5763b60335d5ce136abfe1bbdbccef9f
    SHA1: 8e42c20c78c0e58edbc797cf5e44ce5bcc24173e
    SHA256: ff881b8ef7657162c83fce2ce50eecf9f4d296ce17c1e74389a13dd490885bbf
    SHA512: cc36298289b8882cbdd7af4a2d1621ca7b04552a104f1755ad57acc1d6c0f75989b6d5cab628b083bc1b8f887ac16516c86c002d682f06b98a0a519a4b5d3164