Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Blank-Owner.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    94s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05/06/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Blank-Owner.exe

  • Size

    1.1MB

  • MD5

    9c52d7af8a33707538cee674f4fe4e51

  • SHA1

    74c4703ca20844f651c9fc4b8fc49f4a53f3c876

  • SHA256

    71ab223a14cd4f8cc4081c37b06cddd010cb49bb2425f93552cae3a6c222ffbf

  • SHA512

    378ec78437a12c9c4864003989f91bb5c456f1afa452bb69d9e9b61dc6dcdaa7c14cee5e432deb3843521d070033d015bedb9c978690758a8d8969837b372b57

  • SSDEEP

    24576:o5YC2KxqZii3i+2BTOqxED4aHBi+y3X3N:cqZiKiIEEnI+yH3N

Score
7/10
discovery

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Blank-Owner.exe
    "C:\Users\Admin\AppData\Local\Temp\Blank-Owner.exe"
    1⤵
      PID:1340
      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\WurstClient.jar"
        2⤵
          PID:3356
          • C:\Windows\system32\icacls.exe
            C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
            3⤵
            • Modifies file permissions
            PID:3520
          • C:\Windows\SYSTEM32\attrib.exe
            attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1717566824471.tmp
            3⤵
            • Views/modifies file attributes
            PID:2764
          • C:\Windows\SYSTEM32\cmd.exe
            cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1717566824471.tmp" /f"
            3⤵
              PID:4312
              • C:\Windows\system32\reg.exe
                REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1717566824471.tmp" /f
                4⤵
                  PID:5072
          • C:\Windows\system32\OpenWith.exe
            C:\Windows\system32\OpenWith.exe -Embedding
            1⤵
              PID:380

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
              Filesize

              46B

              MD5

              de480fa5809f84322860360e7234bfc3

              SHA1

              fbb0b62e7824d1ce5c21821aba976762ddb9992a

              SHA256

              5eb0971f5b60d08745113a49a5e1db2f020a78e49c4cc7b48e2c5f6d28e22c5b

              SHA512

              2cef93df87d1000a9b2757a018002abd15927ca9ab5be56b8a138084b6a551b40b2041d1e629d24efd465410c888a34ee57018370100719872a7f8faa374288e

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\imageio5125814045266313395.tmp
              Filesize

              38KB

              MD5

              fb7acc1d8f273a254386ae038ca37bbe

              SHA1

              25bc94c8ffaeed815478ed455413b559d269399e

              SHA256

              0ebcd663a420880f7a7e18b24f27b1cff3add6b9ef965c0f53bdf49e8b80c205

              SHA512

              05396c963e3e6e267f541c7c0d8d1a01d3f979457ab9dece0f340fc70e7132f14701630bf709b2e7342e2dccf8ce3783adb81bbcfdf00c359f14e91d7d43d207

              Download Submit

            • C:\Users\Admin\AppData\Roaming\WurstClient.jar
              Filesize

              448KB

              MD5

              d28601a87f43fdfe18b83cf4303270da

              SHA1

              e28cb7276cf800ef16c147219d00634e42185315

              SHA256

              934de224572417a782d20e6613b11b43112df64dc75c6ae41f895cf2b930f1c8

              SHA512

              52cdea008d9c321cecb3a31f1ef04a6bbb01a6716e6c85b2aab0bf24d46c1fcb03900b3736507cf7d7022f439f892d7d685a48b3e414c63c57a1bd3d47e32b85

              Download Submit

            • memory/1340-1-0x0000000000C90000-0x0000000000DB0000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/1340-0-0x00007FFAA4D43000-0x00007FFAA4D44000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-43-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-40-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-45-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-47-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-52-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-60-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-77-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-33-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3356-160-0x0000019CA2710000-0x0000019CA2711000-memory.dmp

              Filesize

              4KB

              Download