Resubmissions
23/04/2024, 00:04  240423-ac2gjshh67  7
Analysis
- max time kernel: 34s
- max time network: 39s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/04/2024, 00:04
Static task: static1
Behavioral task: behavioral1
- Sample: launcher-1.0.jar
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: launcher-1.0.jar
- Resource: win10v2004-20240226-en
General
- Target: launcher-1.0.jar
- Size: 6.6MB
- MD5: 5c38ef0322b18059377bef0fc76f2b2f
- SHA1: 6b9b7b5b10b38e05b665fbaa9fb2e4762fc5a37d
- SHA256: 356b0d87f6bed04f155feeaab0c7d2b7d867214c5c124584625f07cd8f3ec865
- SHA512: e4fc9d3393a3d4f711df6b6145f83dd81912649e89c0d5cfd1900d5740a6eb145ae28232c05680ef4e0bec9b5e53f43efd479d277103ddad488a7f471809a994
- SSDEEP: 196608:qn3JrwbTDBDkmWt7i8heVQzSjVpAK/IpjIAUPC:q3xw3NDkmieVQzyYjWPC
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
  pid 3548, process icacls.exe
- Drops file in Program Files directory (12 IoCs)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\ntdll.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\jvm.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb (java.exe)
  File opened for modification: C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb (java.exe)
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 2512 wrote to memory of 3548 (process java.exe, procid_target 92)
  PID 2512 wrote to memory of 3548 (process java.exe, procid_target 92)
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\launcher-1.0.jar
  PID: 2512
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\icacls.exe
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    PID: 3548
    - Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
- MD5: 6259f344e43a3d95602f15e2e3cbe9c0
- SHA1: 2291b6deb3db60acaaf49810b5a75e1ecf93dd23
- SHA256: 83fa00f48a591c9707ed23185aabbc2a838ffe53fd75188a864dfa071a7b1b80
- SHA512: 708a755e7cb87be014854c47ef4b0992095f9516258ed6d1a06092452aee85bc3555018526fc45ae6b37bc045bb6adc0317d2e4e408418d339778f16ab81f1ba