Analysis
max time kernel: 147s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/04/2024, 02:36
Behavioral task behavioral1
Sample: nigger.bat.jar
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: nigger.bat.jar
Resource: win10v2004-20240412-en
General
Target: nigger.bat.jar
Size: 639KB
MD5: 535b23591268fa2e1fb35f18972a004e
SHA1: 6427e6149da9fe83c4bdb8321edda03a7b4925d4
SHA256: 93fd8e9003a1024b8bd3c76509accf410e53a1eeab22d062a0b55f81b42622b3
SHA512: 20521279607fad57f65680566dd27a4d7c42c69153582ad768957fac341b9b974674360d631c5bdaa7ade1157ba88b8f93cc7d89506f56e6f38964d6c65dbcef
SSDEEP: 12288:CjfJQ5/z7Rwnl4plo98Hg2/rR7+BLpNexBgMd+Rqz3KuY2JgS7vDAY:CjhQ5Jwl4zDHg2l2bex+KLKuVJ77vDAY
Malware Config

Signatures

Modifies file permissions (1 TTPs, 1 IoCs)
  pid   Process
  4008  icacls.exe

Adds Run key to start application (2 TTPs, 1 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1713234990527.tmp"
  Process: reg.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  5036  java.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process   procid_target
  PID 5036 wrote to memory of 4008  5036  java.exe  86
  PID 5036 wrote to memory of 4008  5036  java.exe  86
  PID 5036 wrote to memory of 2268  5036  java.exe  91
  PID 5036 wrote to memory of 2268  5036  java.exe  91
  PID 5036 wrote to memory of 3288  5036  java.exe  93
  PID 5036 wrote to memory of 3288  5036  java.exe  93
  PID 3288 wrote to memory of 648   3288  cmd.exe   95
  PID 3288 wrote to memory of 648   3288  cmd.exe   95

Views/modifies file attributes (1 TTPs, 1 IoCs)
  pid   Process
  2268  attrib.exe
Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (depth 1, PID 5036)
  command line: java -jar C:\Users\Admin\AppData\Local\Temp\nigger.bat.jar
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\icacls.exe (depth 2, PID 4008)
    command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    - Modifies file permissions

  C:\Windows\SYSTEM32\attrib.exe (depth 2, PID 2268)
    command line: attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp
    - Views/modifies file attributes

  C:\Windows\SYSTEM32\cmd.exe (depth 2, PID 3288)
    command line: cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp" /f"
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\reg.exe (depth 3, PID 648)
      command line: REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp" /f
      - Adds Run key to start application
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 46B
MD5: 5193be4ba174872f33d02a41d8615d3e
SHA1: 38bfb78a7dd795c02bc1d870ea21fa0711410d6e
SHA256: efdf682dc55f57f45bfcc3bd3d9ed5a8d88296e1a05220ec9c538a8542c98756
SHA512: cdeabdd5a8d62dda401f59d74aab48891f98a508bb9d349b243dc49ee1fe8dd88c1ca446186e38648bb488ce793860a3e4bf01e59246571beff051e5e45ef04e

Filesize: 639KB
MD5: 535b23591268fa2e1fb35f18972a004e
SHA1: 6427e6149da9fe83c4bdb8321edda03a7b4925d4
SHA256: 93fd8e9003a1024b8bd3c76509accf410e53a1eeab22d062a0b55f81b42622b3
SHA512: 20521279607fad57f65680566dd27a4d7c42c69153582ad768957fac341b9b974674360d631c5bdaa7ade1157ba88b8f93cc7d89506f56e6f38964d6c65dbcef