Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 21:49

Tasks
- Static task static1
- Behavioral task behavioral1: sample 7f5qc459.jar, resource win7-20240419-en
- Behavioral task behavioral2: sample 7f5qc459.jar, resource win10v2004-20240426-en
General
- Target: 7f5qc459.jar
- Size: 2.3MB
- MD5: c3233eb0f0216752a546ae6ca551ff37
- SHA1: 66cffb233e75078558750b2b5717b448fc2a9e29
- SHA256: 000cb4373ce83f5e828b4ed209ae85ef97a819f0d6724e27a930be7c0f589107
- SHA512: be4f13994490e38d031d2d1d7675e7e87e77778f619b7f77c5e7c04e1cfd566aa074ec0488cc68c5625b4492ae60ddf6e31667783a07e80d15ee2e6b221e1c6f
- SSDEEP: 49152:vEDD8ICikBd0+gU2qw+mSUTgy+PI1FLVTxBE7a9S:vk85BYH+7Uky9FYES
Malware Config
Signatures
- Modifies file permissions (1 TTP, 1 IoC)
  pid 736, process icacls.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 3908, process java.exe (64 identical entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeDebugPrivilege, pid 3908, process java.exe (64 identical entries)
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 3908, process java.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 3908, process java.exe (2 identical entries)
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 3908 wrote to memory of 736; pid 3908, process java.exe, procid_target 83 (2 identical entries)
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\7f5qc459.jar
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 3908
  - C:\Windows\system32\icacls.exe (child of PID 3908)
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    - Modifies file permissions
    PID: 736
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: ffe3baf5b0b2c44fb6154da117a0a7d2
  SHA1: 7dc9a55a531493043054d997ac82a934d4b80c7b
  SHA256: b9a7912194a03f68c0aded7d7823c33a1f7c7c3801466914abdce8d4e88d6e46
  SHA512: 5e4924cd153aee66167fe023d23c5c837e6e611d431474dfd124b16efd4f5f298206a5e3076ec69878a22f9b2c2bbe8456fd52bf0990af891392edb63f7ec6d3