Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

DZLauncher.jar

windows10-1703-x64

7

Resubmissions

24/04/2024, 16:03

240424-ths7xach78 7

24/04/2024, 16:01

240424-tgnk2ach54 7

Analysis

  • max time kernel
    137s
  • max time network
    141s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/04/2024, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DZLauncher.jar

  • Size

    20.3MB

  • MD5

    d8e97480161e7c7669a49e2a338be3f2

  • SHA1

    5d50385ce20778c24f07bc510440ae23a2a46ef8

  • SHA256

    cc8c65c5ee4750e78678be926b6b222f63650bdc16c95be092bae89b6c658ee8

  • SHA512

    43d0220c8f10742b7489f88d29a8ecd8d76c1265e51c14d7eff3fc53c9108a07b8b66dfd09e665090a343c0b999fd0b30c9d8d034684df5bf147ad108a227309

  • SSDEEP

    393216:+1jhkyWMtFu79w7dcNUea6E0MbZhGfmJ0GlUPZtTnwA:+9ttFM9W2NH1q74m+HjwA

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\DZLauncher.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2560
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1384
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2932
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.0.1295072239\822303461" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b0292ae-6cdc-415b-a986-098c374bb87d} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 1792 1e4794d8758 gpu
          3⤵
            PID:5004
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.1.1748102910\516430854" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfb37c3d-793a-4bfa-aaf0-98c2b6757239} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 2148 1e4793f9558 socket
            3⤵
            • Checks processor information in registry
            PID:3756
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.2.1984133057\1594604113" -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 2928 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5304ee1d-adaa-45ed-8f1b-df53efdae846} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 2924 1e479469558 tab
            3⤵
              PID:4360
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.3.1107836915\1978289436" -childID 2 -isForBrowser -prefsHandle 2804 -prefMapHandle 2868 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d48f627-1bde-4dec-9439-e878b4529d7d} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 3184 1e467162b58 tab
              3⤵
                PID:1972
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.4.139534854\900225256" -childID 3 -isForBrowser -prefsHandle 4456 -prefMapHandle 4452 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3728dbb8-7a45-4e5c-8ea5-b0a3c1ad8ec3} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 4364 1e47f666958 tab
                3⤵
                  PID:4416
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.5.1594243904\700172690" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00793296-075c-49c2-ab3f-d0a39cd1e8ea} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 4904 1e47f666658 tab
                  3⤵
                    PID:3720
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.6.627507500\264801001" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e101d9d8-f1cb-4eb4-99d7-f07887ea2613} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 4728 1e47fadc858 tab
                    3⤵
                      PID:4724
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.7.1435110682\347606265" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0abba6-e901-4eb9-afa8-2c259adceb3b} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 5180 1e47fadcb58 tab
                      3⤵
                        PID:3244

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                    Filesize

                    46B

                    MD5

                    c191d6f10e1664e5ce2dbb0d1ec04fd6

                    SHA1

                    08c6479e119babdce0f682f0c16e1d463c7d6e15

                    SHA256

                    98ba2900c24d8b52e33450b41f861774bb74a9686133a0c0f751c816932e3ba9

                    SHA512

                    ee5c19722be15b0c391ece662ffff86e2345cb2d5f8ac26edcfbfb6e04af4227f83f81254af144c4ac9c459368c831728316f04d9eec033aac7c9ffb4314149e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
                    Filesize

                    13KB

                    MD5

                    ef0abf69f5459dc38f1b119d653d56e8

                    SHA1

                    35b8e03435f9c2774d0e74b4ded3d360a6eede59

                    SHA256

                    bb987a601c99cc929b1a33a048efc7727196869453db34f73958877de259eebe

                    SHA512

                    46e67c71745f03738196c239e7062851d7514aafd68c24226a90eda7b7ee98e353710be7f07c8aab0b192d49f26fdd9f83c27dcf6c75fc82ff33fbca34cd7355

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    802d55aec26ecb81bee376f62a75d5d5

                    SHA1

                    abd7323e3d5ca9d006270f4ab40788f63b5e47a1

                    SHA256

                    79ca2bb1b17f882403c1ee58488fd149bec7dbc59b8ffcb33157ad9c0ec7a951

                    SHA512

                    7d6ed0de2e7b994811f505aa2699a6c0e6b5e2dacc31654b0de66a2e3f736c344b595e9b228838bab327e1d3e4a58a98df8b26a1f787f2afe50728c89f6400e8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\bbd98bf0-057f-493d-94f7-88ef5cb4cc70
                    Filesize

                    746B

                    MD5

                    daa83bb7cf7fee433c25a325c5dc7b72

                    SHA1

                    a3fd9cafa6787f0e2d876eaceb680815f0d21c64

                    SHA256

                    d1bd0b6e3a95619982bd2894981fdf6b407d680f322bf1a7de139ac1ac0465dd

                    SHA512

                    3b8155145410134f8ed141b7c246a30007a38a8c772760cafdeb9f4fcd6d9d7bdf6d42b61756f6df116857658abce5939b933cac86ee8854b7a325c9c3c0673f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dfea4af1-eca4-4ebe-9ce9-b8bb1ebebe65
                    Filesize

                    10KB

                    MD5

                    fe3b6df1112559c73241895db53ae273

                    SHA1

                    6e84118af6e7e31782358824df308463111fa46e

                    SHA256

                    9cc4ef6b37a9c4ba48de8f895f58cbf52e9187d9b821395170b1c112a4ddd495

                    SHA512

                    eda8e169279a8540ef6d4328a4754801fe8cb89cc831336403c486a22162dae87889eef7de17a452b76edc233fa57c83b5f11bc140d545751784265b91b54899

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    7b777463eb3778a93432cd3f9fcb6835

                    SHA1

                    91591cdd3a9b8851f1d9dc87f6e3be65fc609d0a

                    SHA256

                    5833a7f5d00ebd9cc6ce1f9535ab615b1d9412ef4b9939342576ec8508582b93

                    SHA512

                    b62b2e9a2511376189313b0d33f650de0817e7bed632eb3303d7540dd6480e6fb64ad0e04a83e728ce211d3bbe2a9936c745f18f455a3485ee0dc1cb5ae6c598

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    8ce79a249cbbd348ab3af2dc3fae8e96

                    SHA1

                    a89891ce65443f4a9bd98d149de19a7d597304c1

                    SHA256

                    3c213e7d0aa21b6e2ef7f279048b25ef14a8ac9ac8a036fef896754733bd21b9

                    SHA512

                    562eff8a0e22df1dfacae167fcc4583904b3de4f51e93045b2ef9c17947870d85ee41fd9e22411137aea9010e32aacbfc57e130e85cba28230ab4bb1a53be9cc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    73ef6d184a6dc0e20595c6f4a144d661

                    SHA1

                    1ed400e0f0c5d27f8d79936b959aa3c8a4b5713d

                    SHA256

                    7af0a0dec0240bc3cb35be7c559db52c7ab6bb76011e9bd0185add9fecf91056

                    SHA512

                    355e433e5cf4eb126f28520b74f2216b57a03dc455e80c2b3ede2390d0074c7924a8384f913ec2d28157ac760d78d29d4a3ae2e6855a4769827204e4cf5d5df0

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
                    Filesize

                    889B

                    MD5

                    cba7d07c662cd9bcba89e900c655ef63

                    SHA1

                    d536cf7c2de74666f4f1b34904e86939bd4afa0a

                    SHA256

                    86e565091c7516fc9433be3e5e46f7395085a4c3fb89fab11a7bfc1c671db74e

                    SHA512

                    e6cb676479b574519a3d4322ea7f7e0367a5084b5420a4b89fe0f7f6eae915413c767fac59e9534e4554d20824a206ba4a4579e7986aecc3b552892199a01fe7

                    Download Submit

                  • memory/2268-4-0x000002231CF70000-0x000002231DF70000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2268-13-0x000002231B6F0000-0x000002231B6F1000-memory.dmp

                    Filesize

                    4KB

                    Download