Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
136s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
-
submitted
13/06/2024, 15:00
General
-
Target
minecraft.ZERO.hile.exe
-
Size
14.4MB
-
MD5
cd3b26073f0b68b7a7f1d966dc167713
-
SHA1
4095946fb5592ef62afcf202556a100fc0694b56
-
SHA256
fb581a2cc898f1130a283f27f7969aad7aa67ea39aa05fdf989bb814a7b89f06
-
SHA512
bdba8b6f3c3ad14c0290a48a6238d55b4169ffed783f9b1da6a3bf9810019c1c08962c08a22a1f0c976684ae7c7cd7c01ad2d079b8b7e881bd2874a44a960c6e
-
SSDEEP
393216:X47JneqUkINXYvnhYVgsdRmPG+aEbzPkgN+XoCfvkG:XGeq7vnhA76GybLkgErkG
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Detects videocard installed 1 TTPs 2 IoCs
Uses WMIC.exe to determine videocard installed.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 49 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\minecraft.ZERO.hile.exe"C:\Users\Admin\AppData\Local\Temp\minecraft.ZERO.hile.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\minecraft.ZERO.hile.exe"2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M3⤵
- Modifies file permissions
-
-
C:\Windows\SYSTEM32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic path win32_VideoController get name3⤵
- Detects videocard installed
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\Wbem\wmic.exewmic cpu get name3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic path win32_VideoController get name3⤵
- Detects videocard installed
-
-
C:\Windows\System32\Wbem\wmic.exewmic cpu get name3⤵
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
C:\Windows\SYSTEM32\hostname.exehostname3⤵
-
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46B
MD58c108747ed69366d07462965e4f400ac
SHA1cc3684055ad5922f23a8f44be7ab3f8685cb1803
SHA2567ed393add1a454d07cf046da17d35212106251cc82817a706799f9b4208149e4
SHA512c928c2293269a8cb941ef37a3018b437bdf5cff06983b7ab2d169ddf52b89d2d23113c2f2102ce9659f4c9bc60ff85da54457c3fcff2e6b46e77283e49846f8a
-
Filesize
216B
MD562c0ac2afb97ecc5c5a3c2cce6d6315e
SHA13c98b7ff8b9d7c35a4208df9cdea28d8d7b959d5
SHA256350eed026d30826a00f1185cebe2a17a2c0f96dea785fc75ef675ed4080f24c6
SHA5123d80a83ed6c934de6129c1a7a7a272f7f0dbe1be0c6b8911dea2122acd425c1ad0e0d266dfd0f73e6143bca6d7b74bdbab1c71e68f029696af36a176b21aa387
-
Filesize
11B
MD5c4e084cd947c96a0b82b02c634540789
SHA1de91618baf7eccbad86a0610176b6be79e16a094
SHA256c926a5b9148deecb9084d03187b9297b501296de20f87db2b689066c3fbb34d2
SHA512c2d288b2ee229c8edd1250284322a118b06a847ad05e076f4f028acd5a060864a4f6dbe77c091707aff49663e3a6d7c8e173ddc83220c44df6468c02e7eb7e85
-
Filesize
248KB
MD5719d6ba1946c25aa61ce82f90d77ffd5
SHA194d2191378cac5719daecc826fc116816284c406
SHA25669c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b
-
Filesize
936KB
MD5dfeb9c87f051ca41d1070a0b8e3c805b
SHA1bab606fb299b220d979e338c938bb3c871eeb3e6
SHA25632e1a9209fc62b815be176718638a1c764745ba2de60295d7d287b95dd773071
SHA5120369d025f65f384135227e253a56f53d8b4c63773c441036571499173b6aa6d0cef9208d548bd6e427977f1c2b2ec6e2f289a4d32831167a9bb0b2e3e79726c4
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.4MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
2.4MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
968KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.4MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
348KB