Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/03/2024, 14:48 UTC

General

  • Target

    mods/sodium-fabric-mc1.18.2-0.4.1+build.15.jar

  • Size

    1.3MB

  • MD5

    601f5c1d8b2b6e3c08a1216000099508

  • SHA1

    f839863a6be7014b8d80058ea1f361521148d049

  • SHA256

    776fb3cd8c8ddee898eb1d9dc88a72d899aaa8792f21914b39ad990cea253784

  • SHA512

    86eb4db8fdb9f0bb06274c4f150b55273b5b770ffc89e0ba68011152a231b79ebe0b1adda0dd194f92cdcb386f7a60863d9fee5d15c1c3547ffa22a19083a1ee

  • SSDEEP

    24576:oERs8iAe/ygK4xNNpvAwo/WgwYQWZ/ZtfoTvzSoa/P5zw1PaJRgq:okOt/HxdAwo/w0Z/ZtAc/B2q

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 4248, depth 1)
    java -jar C:\Users\Admin\AppData\Local\Temp\mods\sodium-fabric-mc1.18.2-0.4.1+build.15.jar
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\icacls.exe (PID 3672, depth 2, child of java.exe)
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      (grants the Everyone group Modify rights on the .oracle_jre_usage directory, inherited by its files and subfolders; this is the directory where the Oracle JRE writes its usage-tracker timestamp file, listed under Downloads below)
      • Modifies file permissions
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408, depth 1)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:8

Network

  DNS (all lookups sent to 8.8.8.8:53, record type IN PTR):

  • 14.160.190.20.in-addr.arpa -> no response
  • 205.178.17.96.in-addr.arpa -> a96-17-178-205.deploy.static.akamaitechnologies.com
  • 9.228.82.20.in-addr.arpa -> no response (queried twice)
  • 41.110.16.96.in-addr.arpa -> a96-16-110-41.deploy.static.akamaitechnologies.com
  • 103.169.127.40.in-addr.arpa -> no response
  • 15.164.165.52.in-addr.arpa -> no response
  • 217.135.221.88.in-addr.arpa -> a88-221-135-217.deploy.static.akamaitechnologies.com
  • 210.178.17.96.in-addr.arpa -> a96-17-178-210.deploy.static.akamaitechnologies.com
  • 22.236.111.52.in-addr.arpa -> no response
  • 189.178.17.96.in-addr.arpa -> a96-17-178-189.deploy.static.akamaitechnologies.com

  Connections (remote address, hostname and protocol where known, bytes sent / received, packets sent / received):

  • 142.250.179.202:443                                   92 B / 40 B     2 / 1
  • 94.245.104.56:443                                     184 B / -       4 / -
  • 51.140.242.104:443                                    138 B / -       3 / -
  • 51.140.244.186:443                                    138 B / -       3 / -
  • 8.8.8.8:53   14.160.190.20.in-addr.arpa   (dns)      72 B / 158 B    1 / 1
  • 8.8.8.8:53   205.178.17.96.in-addr.arpa   (dns)      72 B / 137 B    1 / 1
  • 8.8.8.8:53   9.228.82.20.in-addr.arpa     (dns)      140 B / 156 B   2 / 1   (two DNS requests for the same name)
  • 8.8.8.8:53   41.110.16.96.in-addr.arpa    (dns)      71 B / 135 B    1 / 1
  • 8.8.8.8:53   103.169.127.40.in-addr.arpa  (dns)      73 B / 147 B    1 / 1
  • 8.8.8.8:53   15.164.165.52.in-addr.arpa   (dns)      72 B / 146 B    1 / 1
  • 8.8.8.8:53   217.135.221.88.in-addr.arpa  (dns)      73 B / 139 B    1 / 1
  • 8.8.8.8:53   210.178.17.96.in-addr.arpa   (dns)      72 B / 137 B    1 / 1
  • 8.8.8.8:53   22.236.111.52.in-addr.arpa   (dns)      72 B / 158 B    1 / 1
  • 8.8.8.8:53   189.178.17.96.in-addr.arpa   (dns)      72 B / 137 B    1 / 1
    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

      Filesize

      46B

      MD5

      3288a769aeab770154aacdbb08f125c1

      SHA1

      229b683245c0dd031bad701cb9f29923b1cc8fac

      SHA256

      b689b6dde34cdcadff586e8c06fdfc9d67bba3fb4f9fe967d1374f8cd64868fd

      SHA512

      2037d24dffc9af2defb3bfe3f7d48d6a73f57cb7e6a26951685312ecf15a2d4417476d7424c3d2690158f743259acddf86d993105f29c65b82acf27e37bb8567

    • memory/4248-4-0x000001B567890000-0x000001B568890000-memory.dmp

      Filesize

      16.0MB

    • memory/4248-12-0x000001B567870000-0x000001B567871000-memory.dmp

      Filesize

      4KB

    • memory/4248-13-0x000001B567890000-0x000001B568890000-memory.dmp

      Filesize

      16.0MB
