Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

R3Client.zip

windows7-x64

1

R3Client.zip

windows10-2004-x64

1

Engine.CoreModule.dll

windows7-x64

1

Engine.CoreModule.dll

windows10-2004-x64

1

Library/Hi...a6.jar

windows7-x64

1

Library/Hi...a6.jar

windows10-2004-x64

7

Library/ac...on.jar

windows7-x64

1

Library/ac...on.jar

windows10-2004-x64

7

Library/an...me.jar

windows7-x64

1

Library/an...me.jar

windows10-2004-x64

7

Library/asm-all.jar

windows7-x64

1

Library/asm-all.jar

windows10-2004-x64

7

Library/co...il.jar

windows7-x64

1

Library/co...il.jar

windows10-2004-x64

7

Library/co...pi.jar

windows7-x64

1

Library/co...pi.jar

windows10-2004-x64

7

Library/dn...le.jar

windows7-x64

1

Library/dn...le.jar

windows10-2004-x64

7

Library/dn...dk.jar

windows7-x64

1

Library/dn...dk.jar

windows10-2004-x64

7

Library/dyn4j.jar

windows7-x64

1

Library/dyn4j.jar

windows10-2004-x64

7

Library/gson.jar

windows7-x64

1

Library/gson.jar

windows10-2004-x64

7

Library/ja...GA.jar

windows7-x64

1

Library/ja...GA.jar

windows10-2004-x64

7

Library/ja...18.jar

windows7-x64

1

Library/ja...18.jar

windows10-2004-x64

7

Library/jfoenix.jar

windows7-x64

1

Library/jfoenix.jar

windows10-2004-x64

7

Library/jk...er.jar

windows7-x64

1

Library/jk...er.jar

windows10-2004-x64

7

Resubmissions

25/06/2024, 05:52

240625-gkzfgstcrd 7

Analysis

  • max time kernel
    47s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Library/commons-email.jar

  • Size

    48KB

  • MD5

    f045afea3cb27ead50b0c59fc3f0dffd

  • SHA1

    c1a7133db9008fa1eae082e6158c3f4c128ec27e

  • SHA256

    268253139a8936afa68909df8ced52a9d769665ee9373a60e19a93f254fd54b5

  • SHA512

    0e2d2cbef9d4c19310748e37ad909e57aa37490a7dfd41557b1914857fe7235e434a6fdee00f663688941da3e70fe882b5c63df10ba8c7ad18936959f906722b

  • SSDEEP

    1536:GvOjParNIWXtWJ/JBHho3pXJ/lMJScErXgSXYeADYW:GvWPar5WJ/J9O3pXJ/lMEU1eAcW

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Library\commons-email.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3684
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    0cd98251a2a2cb1ef2024ba1aa17ab63

    SHA1

    188e95cf24757d8794947e7237167500f5bbc787

    SHA256

    dc269b3dcb2008032e5f257b75607a29663010dee5258ff31a05934b1c769205

    SHA512

    f356f352489c5ecc249c9926761b88044a4a8c57074aca1cda1f575bd8c1d2f9442d1a445d0b6a2f1dfd45c7f78d22df5f6670c0a04b888a321de06cb75df7f2

    Download Submit

  • memory/3684-2-0x00000174B4C00000-0x00000174B4E70000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3684-12-0x00000174B3340000-0x00000174B3341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3684-13-0x00000174B4C00000-0x00000174B4E70000-memory.dmp

    Filesize

    2.4MB

    Download