Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

WuahwaLapexReach.jar

windows11-21h2-x64

7

Analysis

  • max time kernel
    86s
  • max time network
    89s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/04/2024, 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WuahwaLapexReach.jar

  • Size

    719KB

  • MD5

    68f7e21a492a33ea1bfede9a8c9d2895

  • SHA1

    a42bdbd553bbb33aea2aa04cb3ea28121af423b4

  • SHA256

    36d1db97a916122c967d7c0724301263a53a1e8343fa1bea61ffd9936200b207

  • SHA512

    510e88e8c15cba65000393351a1e8d8278f9776e484bb73f6ea399f076837b1eeea4430f837b62390e432c02a3adbebe3f3f455148ea3222c343a8ae0db7fd06

  • SSDEEP

    12288:4sGS/1vKFmWXUv+jWYvfeKZv+jSomNBjCeY+rus3/+803:HdWEbue3Gom3jCmu13

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\WuahwaLapexReach.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2272
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\UnregisterExport.7z"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    e0190970e1efc10f88f069da8dfaf217

    SHA1

    2516de8b7407c7c53404d736eee4b14df08f03e2

    SHA256

    5960c6f0a41083f93331cbd65575fb98e724b5714bdcef2b11b0558bb59b161d

    SHA512

    146150238e25e328a866ab0b6ce747cb491f1b8f0696c229d38ed356aeea9efef05607237628551253c3c71262706b57748daafbaa01ed353a6cdedae4aded3b

    Download Submit

  • memory/4916-4-0x000002B1C53F0000-0x000002B1C63F0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4916-12-0x000002B1C3B80000-0x000002B1C3B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4916-14-0x000002B1C53F0000-0x000002B1C63F0000-memory.dmp

    Filesize

    16.0MB

    Download