Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d8270349b4...49.exe

windows7-x64

7

d8270349b4...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8270349b467d0755c01a11c74ea8886190eb8df48574795705928c633516e49.exe

  • Size

    1.4MB

  • MD5

    f896da566264cddb1b663a8b95095336

  • SHA1

    d07d833ebca01f45765273394f182e2d12229610

  • SHA256

    d8270349b467d0755c01a11c74ea8886190eb8df48574795705928c633516e49

  • SHA512

    7efcc663f72ca1a0e9435c31049ab3471c3888f938588fd94a8459e4f2bc0b5c460b616f8e351f2e45f2cf0ec9f21a9228ca9fd2dea4a4bdc0fcbff78ac716e5

  • SSDEEP

    24576:GIeBdQNZswnFSG68kvoJ4cdVEDdmArE27ipsC/vfVm7E/vazaFN:AQNiwnFRkvoJ4cdqc/xpN/4E/vazaFN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8270349b467d0755c01a11c74ea8886190eb8df48574795705928c633516e49.exe
    "C:\Users\Admin\AppData\Local\Temp\d8270349b467d0755c01a11c74ea8886190eb8df48574795705928c633516e49.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Program Files\Java\jre7\bin\java.exe
      "C:\Program Files\Java\jre7\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\\NBI44029.tmp TestJDK
      2⤵
        PID:1508
      • C:\Program Files\Java\jre7\bin\java.exe
        "C:\Program Files\Java\jre7\bin\java.exe" -Djava.io.tmpdir=C:\Users\Admin\AppData\Local\Temp\ -Xmx256m -Xms64m -Dnbi.local.directory.path=C:\Users\Administrator\.offlinetool-installer -classpath C:\Users\Admin\AppData\Local\Temp\\NBI44029.tmp\uninstall.jar org.netbeans.installer.Installer --target offlinetool 1.0.0.0.0 --force-uninstall
        2⤵
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2932

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\NBI44029.tmp\TestJDK.class
      Filesize

      612B

      MD5

      5a870d05a477bd508476c1addce46e52

      SHA1

      d601bb6b81b7367db8a55462a4da3e8dd5f13ba7

      SHA256

      8923583fcf65117a43ba50c979b4185821b0b9f8bbd95dccb58a307a00a9b38b

      SHA512

      f7d079105c9c7d736e9b0f880118e0729bd29f36ce9e9440905595fb90208bbd62f71e0bf0413668fb6c01e4d2168dfff6026beeec6032c2c146a3c752849e86

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\NBI44029.tmp\uninstall.jar
      Filesize

      1.0MB

      MD5

      7dba3d0220c7e993b43a8bc0905e0e5f

      SHA1

      b118edfa2f3a86326ff632dd7fe6a19bae890812

      SHA256

      92da45af16c4bfb9d97739fc6c315c96d642b6d6b4945c033c747066c8827354

      SHA512

      98cfd9659d9643aaa3f854d4fb0ef6bdf782cf93b89506e174afb1be9c9a9f32df530a44291cb6356edcc9b7bb560ef337215a3f4c0cbde99bb329851dfc4361

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nbi-7258250908819334585.tmp
      Filesize

      19KB

      MD5

      1c56b6264905ad1e1a04d1c2bb445c77

      SHA1

      fc15d4cfaf9b0b0a508543d22a3c9cab5a37cd14

      SHA256

      e20654928a84c5b61bde154e33bdd845fac1ae8c852c1152d5608c5a15edd83a

      SHA512

      74196770c0f487edef73a728ae65394bea9a1a30bdfad1ee690549ebcea407794be7aa4b646d5e963cf1ff4a0ceef383f4dcd3ad14967f5ef5d54a87343cb6de

      Download Submit

    • memory/1508-13-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1508-14-0x00000000022F0000-0x0000000002560000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1508-3-0x00000000022F0000-0x0000000002560000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2932-50-0x00000000020F0000-0x00000000020FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2932-55-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-47-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-48-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-18-0x0000000002200000-0x0000000002470000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2932-49-0x00000000020F0000-0x00000000020FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2932-54-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-40-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-57-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-63-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-71-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-73-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-81-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-117-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2932-190-0x0000000002200000-0x0000000002470000-memory.dmp

      Filesize

      2.4MB

      Download