Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

a3d5647315...d9.jar

windows7-x64

1

a3d5647315...d9.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3d5647315ef95ce7048f07f2145fff4d42a0d0612a7c9930501f250d79c33d9.jar

  • Size

    1.8MB

  • MD5

    fb880ff9bb0e12b0e6d5d2330f2bc3e7

  • SHA1

    a09b9e81783f5db631d3a117f8ede6dfcc59b6a1

  • SHA256

    a3d5647315ef95ce7048f07f2145fff4d42a0d0612a7c9930501f250d79c33d9

  • SHA512

    e363abc4766e79ef24eb0dda3d7716d727fd18cef2edf0fd0648c2a7ad01e4fb924d1aeb5851a32c1c18c37552eff025b3431d66968584de4adc1ef63716c66b

  • SSDEEP

    49152:49CPqXXs/zyuy3co3p8h9bpT9b8IdP3PlMzxB9DsEUXjaM1F:k6qXX8zyuy3Tp8hfT9tP3Plk9rCaM1F

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\a3d5647315ef95ce7048f07f2145fff4d42a0d0612a7c9930501f250d79c33d9.jar
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    597a41defc8ecb57e97c45ee316c54fa

    SHA1

    0722dd73bf1706fb902f85d3e6e4b92777678b61

    SHA256

    08e0fd99e8dd98decc3391c1c22fb46da1f31b72af19c6ddc785f3875917e23b

    SHA512

    727c297579c05177857e12fcc1eb708767dfee10823f5efc3db764180acc6089e9544416121099ce11062802b341b11f973ff862d3733311816f236bc3d5e9b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\sense_loader\CC00000065D3B08D0003DF62F5805610-1828159100_loader_windows_x64.dll
    Filesize

    1.1MB

    MD5

    15b9496221506f747ea3ba721c844a16

    SHA1

    a2d7aec13e0a7ded07b89333ee6fb0efb0d2c688

    SHA256

    33c089c6f20de6ca3e3c80b81d60f589bf2c91f42485eacff8cfa80e774804ab

    SHA512

    aac0658bb24d1ad75e08149c5c8326a3c25337435c00eacec301f08d44073b8de6197f11671d9ddf75dae0cf899f6bfdce88dc6044f56236a2f16a0496a12767

    Download Submit

  • memory/3160-4-0x0000028000000000-0x0000028001000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3160-17-0x00000280141C0000-0x00000280141E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3160-23-0x000002807D4B0000-0x000002807D4B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3160-27-0x00000280141C0000-0x00000280141E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3160-28-0x00000280141C0000-0x00000280141E2000-memory.dmp

    Filesize

    136KB

    Download