Analysis

  • max time kernel
    509s
  • max time network
    652s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/04/2024, 15:08 UTC

General

  • Target

    Nurik/client_1_16_5/libraries/datafixerupper-4.0.26.jar

  • Size

    657KB

  • MD5

    2fed12ebc12229db27ac65d998622ba0

  • SHA1

    ebd6690f33871ccee9b6132c6480668ee2e35020

  • SHA256

    58fcc65cf4bde25a70073e574a15cff790df176920dd219291d5649f24417316

  • SHA512

    9a42b869b8d764f2536265b7b15dbe79a472dea1e8008dfcddbf13c226ab75e4905a0a422fbf9aa4bb833494f04194ba4d62f01b90975a947a6a2eb0f2a120df

  • SSDEEP

    12288:JyfWVJtQz3QEQUGJMJvZXAx3S58jYRZfA9R5+jeOSnWazPXEwoSXQc:JyuV3xJyvZXAxjQAh+7VazPXf

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Nurik\client_1_16_5\libraries\datafixerupper-4.0.26.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3700
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4400

    Downloads

    • memory/2916-2-0x0000022A325D0000-0x0000022A335D0000-memory.dmp

      Filesize

      16.0MB

    • memory/2916-11-0x0000022A30D70000-0x0000022A30D71000-memory.dmp

      Filesize

      4KB
