Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Nurik/Crac...er.exe

windows10-2004-x64

5

Nurik/clie...36.ps1

windows10-2004-x64

1

Nurik/clie...4e.ps1

windows10-2004-x64

1

Nurik/clie...28.jar

windows10-2004-x64

7

Nurik/clie...17.jar

windows10-2004-x64

7

Nurik/clie....0.jar

windows10-2004-x64

7

Nurik/clie...10.jar

windows10-2004-x64

7

Nurik/clie....1.jar

windows10-2004-x64

7

Nurik/clie....5.jar

windows10-2004-x64

7

Nurik/clie....5.jar

windows10-2004-x64

7

Nurik/clie....3.jar

windows10-2004-x64

7

Nurik/clie...26.jar

windows10-2004-x64

7

Nurik/clie...pc.jar

windows10-2004-x64

7

Nurik/clie....9.jar

windows10-2004-x64

7

Nurik/clie....1.jar

windows10-2004-x64

7

Nurik/clie....0.jar

windows10-2004-x64

7

Nurik/clie....0.jar

windows10-2004-x64

7

Nurik/clie....3.jar

windows10-2004-x64

7

Nurik/clie....2.jar

windows10-2004-x64

7

Nurik/clie....1.jar

windows10-2004-x64

7

Nurik/clie...22.jar

windows10-2004-x64

7

Nurik/jdk/...vm.dll

windows10-2004-x64

1

Nurik/jdk/...en.dll

windows10-2004-x64

1

Nurik/jdk/...ge.dll

windows10-2004-x64

1

Nurik/jdk/...pi.dll

windows10-2004-x64

1

Nurik/jdk/...se.dll

windows10-2004-x64

1

Nurik/jdk/...40.dll

windows10-2004-x64

1

Nurik/jdk/..._1.dll

windows10-2004-x64

1

Nurik/jdk/...fy.dll

windows10-2004-x64

1

Nurik/jdk/...th.dll

windows10-2004-x64

1

Nurik/jdk/...64.dll

windows10-2004-x64

1

Nurik/jdk/bin/zip.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    432s
  • max time network
    453s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nurik/client_1_16_5/libraries/httpclient-4.3.3.jar

  • Size

    575KB

  • MD5

    88cc3123fce88d61b7c2cdbfc33542c5

  • SHA1

    18f4247ff4572a074444572cee34647c43e7c9c7

  • SHA256

    9844cc9b5440d65a88d28bcba9d771374d2dfdab898848cda164611091633013

  • SHA512

    7c0dfa5c0eec596795b6af8c74510cca34764802b9fdd785a1d135859284f864f69d915f4c5aa1c9c1b634ede4e76a0d73f956e859595de278c14979dd89bc2e

  • SSDEEP

    12288:1Rz0VZhoYU/uUCaGaDKeCnqQqmSQ5yoyFxVsvJBSiY9YF:1JchY2DYR0OQAPFxiL094

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Nurik\client_1_16_5\libraries\httpclient-4.3.3.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    6025a7aede5315bad3a86af911184c94

    SHA1

    44c63012b02088c49a0f83e0789e196ec0c2cd48

    SHA256

    5f32555e1bdb3e86a973b898335d7fe3a7dfeaf41d75322213ff3a2159bba09f

    SHA512

    6cea6f2879909adc9559b9daa699d981d9509e112291a4079373d56d135e4387bdbda9b998ada37d4636418878313b630cbcd9d37a2f5673219c28a1ed5fab02

    Download Submit

  • memory/3644-4-0x000001FA80000000-0x000001FA81000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3644-11-0x000001FAF4AD0000-0x000001FAF4AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3644-13-0x000001FA80000000-0x000001FA81000000-memory.dmp

    Filesize

    16.0MB

    Download