Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

navine-3.2.9.jar

windows11-21h2-x64

7

Resubmissions

06/04/2024, 04:14

240406-ets9qaah65 7

06/04/2024, 04:12

240406-es1x6sac7y 7

06/04/2024, 04:10

240406-ermddsac51 7

Analysis

  • max time kernel
    34s
  • max time network
    34s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/04/2024, 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    navine-3.2.9.jar

  • Size

    8.8MB

  • MD5

    363d14cc2fe833c5abbc068c343abc10

  • SHA1

    09808831dd6becf4cf56063846c1bcee29feac74

  • SHA256

    8ca48599c1722ce48700ef6d847649e4c8dbecaca3f0b7c49cef72c5133de329

  • SHA512

    d9613efc0f27fdf808718b8958c28cf8fc65a933abee314b3967c32e450ef2952621e5d7f3825fa7160143dbf0186a443e4587906899b5c5bea11c944de3840b

  • SSDEEP

    196608:nKgTphPAnxEvh0C1EGxht7g5rrWtAwPvmgtZuJ:KUphGKvhv1uGtAwPnOJ

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\navine-3.2.9.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3280
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4152
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2200
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.0.1944887\1948819769" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e38b428-ba54-462b-a9f4-ea37cc3d59f7} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 1884 27be35c2558 gpu
          3⤵
            PID:3124
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.1.1704363243\1940409554" -parentBuildID 20221007134813 -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3387d80f-96e7-4184-b21b-eee60fe9c7c8} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 2264 27be3132958 socket
            3⤵
              PID:2632
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.2.1002867107\1269093310" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6874f5ab-8c26-42ab-8fd2-1d5b96c41523} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 3004 27be3560958 tab
              3⤵
                PID:2804
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.3.1627329109\416787130" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4157c7ea-ea41-4c2f-a2f8-baa069454c5b} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 3464 27bd7667e58 tab
                3⤵
                  PID:3628
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.4.2044184987\11564268" -childID 3 -isForBrowser -prefsHandle 3484 -prefMapHandle 3608 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6306c78-7725-412b-94f7-ac0f5388b918} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 3584 27bea560d58 tab
                  3⤵
                    PID:4308
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.5.736688332\1399913281" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5080 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aef27f58-88ca-4cea-9000-dfff3fca7ee2} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5088 27bd762de58 tab
                    3⤵
                      PID:3560
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.6.334702840\468478047" -childID 5 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40df0bc-b18c-44ed-83cf-13e9fb546fb6} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5192 27be9d2c658 tab
                      3⤵
                        PID:4008
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.7.2017333855\768843151" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d6ec41-98ab-48fb-9a91-67e2dd744045} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5384 27beac87058 tab
                        3⤵
                          PID:1804
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.8.1075699015\1470567487" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 2908 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f1f8910-1436-4a79-8214-75517c42bae2} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5924 27bec931a58 tab
                          3⤵
                            PID:652

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                        Filesize

                        46B

                        MD5

                        51258b291a030f6ec7ef8de87dc063c7

                        SHA1

                        27f4bc1e177afe807995862e314277b6eef5d30b

                        SHA256

                        c22f57c6bfa81280a8518f803e54084f7e45aaf33069902ccfe9f373137a8372

                        SHA512

                        1f21dd3c607218e1482a04575323f2f53b3becc2a3c2395c1d304e915f4ea90a209ddd5d94aafc11ce9e91f5f657df7256458d3919cd337883fcf966ee8aba47

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        a719566defdf1a8122de15d4636c9544

                        SHA1

                        2437c67fa89eeeb450b84e3783d4618426e87ed3

                        SHA256

                        3da2115940a962658e18a3787f6a8ac732e4df264ceab5679c87655be686627c

                        SHA512

                        091f18981176452d2e9a2dd2017c63c72ca1691365009a92cc897a8b0b77ef087d63b22033704020de69ad21fc44157f03b098630e59c21e73e7aebf7cbacf69

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\datareporting\glean\pending_pings\4aae72d5-962c-42a5-aa00-32fad1e4df8e
                        Filesize

                        11KB

                        MD5

                        7c4fce103ea809abcf156b3d38bbfb7c

                        SHA1

                        38a4d1de1257c66732165f8e141523c335bc7464

                        SHA256

                        cace28cb227e9e9e42a542b5e5cca8186051bc5eb08af4093d39c12887649371

                        SHA512

                        483cd5eeb525e19fac68bfb930939946c12fc9317123549aa4c1c6aee725f208c1c026ea5289ad45388e61f8c8a5d2c7a0a5bd3059b6cb76763c81a6ce5ede6c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\datareporting\glean\pending_pings\57f5cbc7-3c3c-4489-b0f0-04f545e84712
                        Filesize

                        746B

                        MD5

                        4c386a20e5a83f78bac2be9814c1ce0e

                        SHA1

                        9c550bdbc10edbcb64adba8daea7ab824f800226

                        SHA256

                        96b731d66029dc93efb2e7661cc5763c9f42253797d01d38eb2008a7f7b29118

                        SHA512

                        e52e8cf4b4a4b88db6e56d362e32b57e9b0c671b575f3861f072ef3f07ec330d4fd605bc1905ddf9ba9fc4fa37bfbf9f4eda32c673be99584102110dc1e4fb3f

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        22bdedaf3ca601c0feab5adc88cc1ccf

                        SHA1

                        fa5847ab525c0941f03f39dc392c3ddc766d31d1

                        SHA256

                        69d5869afb4b8dcc6b8075c7cfa837c34a185de9f2ef7546e182b59c73680f61

                        SHA512

                        d1c32504a9cd8265498fee304547da19188bbfac74582adb18633a52aba9c9f86f9057c2685e852155bede756422739484b170a960883582f7773f06a3a90be6

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        6bc5a4475d18df60c5a5d33b2ce59218

                        SHA1

                        4209c209fdd3d373c6420d0595e2b65dbad26f37

                        SHA256

                        47340be56c9d350147718f537096f637e9c8254f3d359f4c5487c2d316312c56

                        SHA512

                        934ec2265208f6b28d702f34f22c4536f79af17427738f1a482eccd51eb5d981c03f7a4b82dcf1559e677f748c6f6fcc967e26ebefa7659f6d4eb1013eec79ff

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        17KB

                        MD5

                        523bf0623f1694a528b5626d9279fe31

                        SHA1

                        3fd0ff6bec43e9ca9b676eb1fd167189cc89ce57

                        SHA256

                        2f6e0fd9053be20d11c59eb3948331d014c3dd0fc19ad6cdc9bcdedc78a2ffb3

                        SHA512

                        1f85868cb1ff09b8defaaafdbaa3f9da6ac8875cb1ea7a0f97402c51e4e0013e7fb6f352cc81f9348163a213b7fe5802358f45fb4ac65012390a7c4c0bb5002c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        184KB

                        MD5

                        9d58c7a7b8dc1365d0ba450a098e1e33

                        SHA1

                        a132890478828a4e6d91def9e318b198f6115b28

                        SHA256

                        ffd82f8142a3de304d919c2657e67b5fed3513611847ff6f48fd16e0082ad012

                        SHA512

                        86f21fceff416391e62fae0cc9518fbddd4c75b41c7f0793f27b8c71cc18d4df6a74488c1c00b2820485871b061394671704f6c4d82de6ea48de4a2fe4eb15a0

                        Download Submit

                      • memory/2280-4-0x0000024E80000000-0x0000024E81000000-memory.dmp

                        Filesize

                        16.0MB

                        Download

                      • memory/2280-11-0x0000024EF56C0000-0x0000024EF56C1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/2280-108-0x0000024E80000000-0x0000024E81000000-memory.dmp

                        Filesize

                        16.0MB

                        Download