Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Airi Shimeji.zip

windows11-21h2-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    96s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16/04/2024, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Airi Shimeji.zip

  • Size

    2.6MB

  • MD5

    f16082be399df23dd0120e87fb9510d3

  • SHA1

    eab684c7727be97717fe8fb5e6c1e20bd2798bd4

  • SHA256

    917b98d51a386759f2904a359b362c2350f84d8b5fe4bd8b521ea35b09593f06

  • SHA512

    5095d440e98d63ba45e626c0461c5433f57a12dfb8899d57164244fce16e955353fc619f69ef5484cbda3f2a994b6c2ca6a765a76da7ae8022e08a5f06a36d9a

  • SSDEEP

    49152:XgjWK3cbW/BBmE7CbIGqSDkgAj+ncuEfBAuw2zYYuFRtm+ZHKag/yDZ:QjnMiBBNukz7n+ncu2qu1ERA+Zqag6DZ

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Airi Shimeji.zip"
    1⤵
      PID:388
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4532
      • C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
        "PowerShell.exe" -noexit -command Set-Location -literalPath 'C:\Users\Admin\Desktop\Airi Shimeji'
        1⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2256
        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
          "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe" -jar .\Shimeji-ee.jar
          2⤵
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2736
          • C:\Windows\system32\icacls.exe
            C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
            3⤵
            • Modifies file permissions
            PID:4244
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
          java -jar Shimeji-ee.jar
          2⤵
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3700

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
        Filesize

        46B

        MD5

        31c050976cc9341185bb917cedb7da92

        SHA1

        7aa552be3f89b07ab86c56a9814dcd31b63e3d88

        SHA256

        1a6f08dde6b826cd37f42fa340eb311e73ccaa37c55fe38cbb898e60f69f20dc

        SHA512

        9449d989a40b682ba47b774d5951ecbdd8716ed55686488c84c431ab73ab75ce5d0b773b967df32d682bbe4a93bd2360fa7aa82bdd75f3ff61f5bb21f7b14c1a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wk4doh51.oaj.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\imageio6958885145832570450.tmp
        Filesize

        25KB

        MD5

        09218ed8a31db96b07558811c5a585fb

        SHA1

        30932214f3ed72ddccb6a8a5894cc1ddf28a371b

        SHA256

        317dfe7dbdc715c07b95a297146518eea7c8eef9084943e3aab23059c12da18f

        SHA512

        e1b1658866f7869fbc15314cda23d4642fc725e839ee833be66f952b89fca4cadbee0d87c824c7950e029fd5b4d85fcc0e7f33d9f6f3148cd29674a70c6b016e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\jna6065022519444397087.tmp
        Filesize

        169KB

        MD5

        e614dd8601e2f7df64bd226c1f58f965

        SHA1

        b33b81f6b7d1c4924fd6cb5208621a89df79f54e

        SHA256

        d984e47e0cadf4a48d7a857b387e3dacee20232b900a21ee3fce8d51b9fe6cd2

        SHA512

        5288f386913a560fd4fe8cbc2c3252366c2651cf9a52ec3c9c8b2415d533a399cf0fa162ffd8e8133db6593c66afb9a50f427df30278e9dd29d2c1c91bc439f4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-801878912-692986033-442676226-1000\83aa4cc77f591dfc2374580bbd95f6ba_20b07406-8e6f-45df-9efd-1cf7b8a931bf
        Filesize

        45B

        MD5

        c8366ae350e7019aefc9d1e6e6a498c6

        SHA1

        5731d8a3e6568a5f2dfbbc87e3db9637df280b61

        SHA256

        11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

        SHA512

        33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

        Download Submit

      • memory/2256-17-0x00000178E0D90000-0x00000178E0DAE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2256-15-0x00000178C7D60000-0x00000178C7D70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2256-16-0x00000178E0E10000-0x00000178E0E86000-memory.dmp

        Filesize

        472KB

        Download

      • memory/2256-193-0x00007FF8EE430000-0x00007FF8EEEF2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/2256-14-0x00000178C7D60000-0x00000178C7D70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2256-13-0x00000178C7D60000-0x00000178C7D70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2256-350-0x00007FF8EE430000-0x00007FF8EEEF2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/2256-10-0x00000178E04C0000-0x00000178E04E2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2256-250-0x00000178C7D60000-0x00000178C7D70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2256-233-0x00000178C7D60000-0x00000178C7D70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2256-232-0x00000178C7D60000-0x00000178C7D70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2256-12-0x00007FF8EE430000-0x00007FF8EEEF2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/2256-11-0x00000178E0D40000-0x00000178E0D86000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2736-305-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-345-0x0000023DD7EF0000-0x0000023DD7F00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-123-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-125-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-126-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-128-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-129-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-132-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-136-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-99-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-55-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-50-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-44-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-251-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-294-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-298-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-36-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-325-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-329-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-333-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-338-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-341-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-342-0x0000023DBEF50000-0x0000023DBEF60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-343-0x0000023DBEF60000-0x0000023DBEF70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-344-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-119-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-347-0x0000023DBEF90000-0x0000023DBEFA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-346-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2736-32-0x0000023DBD1F0000-0x0000023DBD1F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2736-23-0x0000023DBEAA0000-0x0000023DBFAA0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-625-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-382-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-355-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-386-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-395-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-409-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-428-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-575-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-620-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-614-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-638-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-632-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-374-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-643-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-645-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-647-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-650-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-656-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-667-0x0000029B91DB0000-0x0000029B92DB0000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3700-669-0x0000029BAB2F0000-0x0000029BAB300000-memory.dmp

        Filesize

        64KB

        Download