Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

h2.jar

windows7-x64

1

h2.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 17:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    h2.jar

  • Size

    1.6MB

  • MD5

    86de8952f48764286c83e1ec6e9679bc

  • SHA1

    e5c635f2a87b601382ba9e071d2df857f106a929

  • SHA256

    c32dafd1e713c467e4635a5b1896631f11af7d427be1b141b359e203afe3bce1

  • SHA512

    5920daf00fa9303fb865c54520f17adff3a939dc5477ffc028f2432202a3fa51efbf9d094b1a4ac23ecd52e4db87a260285552243547055d1cfa732c276cf31c

  • SSDEEP

    49152:YBVVmtubLiaGifD9xXobnvc+cKoynE7jiCg:YDAubL9G2Ybv1cK3FCg

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\h2.jar
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://10.127.0.83:8082/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d6215de0081a0bc0627597defc7b19e

    SHA1

    bcb6afbd817f90bd68875e63539842f5e839f3e6

    SHA256

    9a480a329891fe0093115e076ab9c3472ad6dfb779922dede9fa2e0a832f145d

    SHA512

    51812dd6a6c8a315dcdfc7e228c9d94f100a7ddfd066b1ea752d382a035a5f10a412028a07ef55c85fcd116c0246438e6044979e264e45746e35941609ec54c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    033be118fc3fe092efac8f67bd377c25

    SHA1

    c521540b31a4c09f06c25d0b9a01139da9df8d26

    SHA256

    de6d1e26b036903834cca7799c8feb0e7197f19d202da6c37409e12d3759c341

    SHA512

    cf282bb6674f207ce473789533ee35469e52c4a28dfb6fe0604315d7f527ab05627a9b520d755790a2db71f5254ac1ebf674d1b8ce0da0de56576dfdd092c3b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3abcda7a10f36c02d17a1c75c771a86

    SHA1

    274925fbe9804f8ba748531c8ee013ed5be36b4c

    SHA256

    ace67139fe8a0f871cee03558a3c17cf48bc9fb9ec1f6cf62fb79000c92dc0b2

    SHA512

    376f8899e864ccce14de6e9befc16fded5f00ec492f642d482beb1372ddb23c848fedb700bcface24b7d6b22b2a4ab760149578e45e1589a4f0237f1a4d761f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a4f0af95b53d2ed4aa95b1652dbbcf9

    SHA1

    2f6184c2010e858cfbf5d1bd7968147ce3620db4

    SHA256

    1967ccf40e165f062dcc12a92b10b0b0bf638cb8bb0027166783ae9da1320f8f

    SHA512

    1b8da872afd2bb925e92196ed2239c86e815aa961ff20638daf4edc70eb0cf3b5b4d897d95906ce8d4df4fb3c3aef396c199064ff497620f4c4fb3d71a0516d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e311f759a177f8b113d45ee8d9dd6cd5

    SHA1

    f5ac5101e9448329e22c8be1155e60bcbe78ee30

    SHA256

    bcd317f412dc2cfb0b404941f14e739302afa6704fd1d31d3e686d6633e458e1

    SHA512

    8a9fe22931452a1139fe8d0a06f5922c57a4dddc3da2deec89609b6f08a2224938c71aef52798ec2a38e594ea10db4de3a1a15f13c5f67466fe8dadf012520f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6fd33536850d003bfcd9cdbf16d96a7a

    SHA1

    9d98f5e90437b1c0a61eb01f97c871f4437db504

    SHA256

    61cd13a0ec12153a7ff75f4fd27602e7dee2b881e79dd54e09e420659b8b650d

    SHA512

    950349be1083c84f026cbb8ae004b581cc3b44320010a469d968c22ed626c7a332a1cb8398ad8c8df4246609859c5d4db6a0ea82fd7a57f06c92858516608f48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f956b8f3d997ef59d9a9acf4d42935d5

    SHA1

    4023710e68f50312a6be136a292894b0daa5583a

    SHA256

    0199e78092d13aaf48622e0e703487db46e6f024df5d009e9772f92f1beb7eb9

    SHA512

    08c0854649654f3b6a9412f22e18e6ec3704451b3dda5f80b1146e8aadf9f13fffdd087564ecdddb65208c63dec02373804e1abced8b60c533a2f577b28b590c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc16ed072d69ea6a0381116bd9c82111

    SHA1

    fbc4965d1bf80db0e7c951d9713e034fb3794063

    SHA256

    15ec0c0b47e01ef7f60feaca555a46af146ac4c979f1140291120bce329a3b20

    SHA512

    4e137817962cb430bf9ffc45aaa977193569fb08aea6bd13cc84203850f7717b0dc6cdcd528f377d6a0fd78e846efe05a611a0bae9c6988c902047e361f9a690

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d5b2668308774881185e432d34130ea2

    SHA1

    464438e480036c25706f4290efbf0bfd6531f317

    SHA256

    48813d2e3c74400ef5de1cca60fdabac6bda074d4b034f3fc7c1c9aaa9043fa5

    SHA512

    04a0b76219c6d1f05d0c3c626e40a388bc1a5349425f0b884f0c55a61b4f3c09e85bce0e01dcbd7f8d24b75c1f961d9b8def01db3fe73b99fe9a6527a8c153d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7a09299174df2b17b653f48ed2a9dda

    SHA1

    b9dee628239df5c3b19fe7e93f33a89fcbdd59d1

    SHA256

    9355803a5f88ee880b0984ed595ed36ac167cf5ccbdb58e3f43b875e2487ca80

    SHA512

    ce983b4a237ae47e26c5244ac884771424f52c3eba684510fc815764f6a007571e4ee507534a3d73e15c15a7b5aa1ade2c6b7a429fe83f8251084d5059a88b49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a386c77bd3fcc40852e9480d7d26211

    SHA1

    298ee48f28eaf4d63eb257d34b45d417adc28f80

    SHA256

    7866efeebf3773cbfb4d843f6b9bf882046792a94ff9689c6ec02fa3fbe43ba7

    SHA512

    9b2d2e06553f6f83d5006555431e0953c51bb93dd8e28bd9b59bfcd8065003276e7121e526e8641f923ad2323cfa073dbf9668dbd8768212ae75fc46f25da358

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eebdd7a440620537122dc4bb01bd8726

    SHA1

    eb8f7952f086e8e281528b9e08bc809ee4c2f5e5

    SHA256

    693b0de62d4249ed239acc2fddbabd430deccb28c5444f2c3a798c1187b465f7

    SHA512

    824803de790c7ee654638918a93207585bcfef0302f5a63593a8dd34761317ced1de66edefcfaa9f13d451a4e8743757f4a572a9f7764a31e03e43cbdff76548

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9d8ca688c88565f1a1ad7e0b3f8f9c3

    SHA1

    f2ee530f4ed6b72a9bc0f2e4cb1fae1d9ed8e0a1

    SHA256

    5232f308439fba0391aaa221acec46ca2ce23c35c52a065ed89ac145c08e28b9

    SHA512

    1382ccc89e0a67e968256d523c9c1d3a45dba422ffb4297dae527091ca1f5ee7ed08d60c6540d162dd5772bf8cf0528146cd3741f6c1750b6deaeaa1db447314

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b74da5edfda84e184fdfe550cac32bb

    SHA1

    7c3a2ae7809d82ff9d69f6da886de754625d6043

    SHA256

    aecfbb8d6c73a3bca187c5e8dfaa9d90ad766e1b5b85ac5e0a76b975e515abd0

    SHA512

    88dc6e85125731aed0c15c11b7fb539b2832beab38955fc6c3efb9f9538298170daa78e0f0f904e0d6f5a92c890ae2f1dd629afd72a68d3f13cd332acc0752e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c8ec2d008d7e5058e59ab8fdbd268ed0

    SHA1

    d483c3795871ebbd05f68bb9a527cb3b72b6b985

    SHA256

    cfb34d111b2bcc900d5a8cb2a3a11f723ec4ca5d8be54149f638e347b78f8136

    SHA512

    7898ab76ed76e54d47dd40a562ae16084a08ecd3e563888e695f93eb06a5a238ca23c9f1280d867e1ac1b68b2cb35fbaeb7e3c3d7cef2bf38f588ce13970f5e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dddd52410faa4ede552ef8dd87071f54

    SHA1

    bf535049263b776f1252f852f468b12aa930c4e9

    SHA256

    e8a703d5118bfabf90228f813ffa1a9f2031d36ade67c20aa6549fe912e82f33

    SHA512

    066a97b0e973f0166782df030f9d2c6314151f94321e46f8694d6c578dea450703cb7fbd34173e449c2fcd82a1fc2b27680f76868c92a957c2d3eb2d124f0592

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d62d9b3eedce0cb377366e954910b5b6

    SHA1

    0eb260595caf1cfba8995d3302260c3f4858f22d

    SHA256

    3731109cf2ed909736185d736d730129b3f62a5603ddf2022f001d6bead58a95

    SHA512

    8483bc6e340fb2a75e2d848d4e1d0d0793f7b10f877e20b2d517e51e666755183f0fdb6e666eb846b9765058772189381815232d9bbab2a2a2d7b5a43242144a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\60nmxlj\imagestore.dat
    Filesize

    5KB

    MD5

    e8e6a93c298f1fd0443382053d2332d4

    SHA1

    390c7edbd350fe3f4d155021b89fd8a5c1deba18

    SHA256

    5c9115e91029d421c18a2e48dd26bc667a4d48737a2dcac189593c1d236b2af2

    SHA512

    7e0f2fd6dd4bbd8a0e7f6592113ef059705936fb50c1f331003f258b6d8036ef50a6bd75d3bedcbac132fd47820fbdad2e3c062825f187cb41991f4ce6e8ecc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\stylesheet[1].css
    Filesize

    4KB

    MD5

    10dadce116870ccc9aa0ced525d6c522

    SHA1

    b3592f329cde2b64ebd832f340824f25012b236a

    SHA256

    169293ddb2669021f8289910e7712f881269c7c36bfdb4af715b9812f2e5a645

    SHA512

    3d7ff1ca6c5c42dc6cdcedd8602518cfa27859d29617443d924e00d8a2b4a9082ba3685af5717127ce2dfa41b2ab16540bbd330adf21e3fd62fb20c0113b1ac3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQQVSTWU\favicon[1].ico
    Filesize

    5KB

    MD5

    2e56b316ce1f3065ccc5c56be8c2f00b

    SHA1

    b1e35527720d07d4ade8b801d88ad92d8396a295

    SHA256

    94722d32bf7d06bac46236b20a3c7cf917f4c434be90360923f7aae139336c7a

    SHA512

    36a0d72492d1838b69362b0492d859ca4c456f72384644aa62bec8b6d20049b0cfc9b7b2a41fe08565540e4847851905576f3ee4df887dff28572ea44c535d2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab206E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab21B9.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar223A.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\test.lock.db
    Filesize

    103B

    MD5

    0893c1d7b47dabafa5b85e3ac8c682b4

    SHA1

    7045aed963561130fff1c143d9debe4289886e6b

    SHA256

    ed1070808cc0bb88cb808c6317e73c5e0a918ffe0786cd55fbdee1858e8c1a36

    SHA512

    497acd84ec0898e319f522966382af94c2e70272e8d5333beec2781705f05c7959e6d1579c422e4bd957cc0510b7a39ef113d7cceea3c85921b7b9b9ccc3a115

    Download Submit

  • memory/2180-9-0x0000000002220000-0x0000000005220000-memory.dmp

    Filesize

    48.0MB

    Download

  • memory/2180-18-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2180-554-0x0000000002220000-0x0000000005220000-memory.dmp

    Filesize

    48.0MB

    Download

  • memory/2180-555-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2180-556-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2180-10-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-21-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-23-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-24-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-17-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2180-26-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-27-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-46-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-42-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-30-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-1052-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-19-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download