Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

R3Client.zip

windows7-x64

1

R3Client.zip

windows10-2004-x64

1

Engine.CoreModule.dll

windows7-x64

1

Engine.CoreModule.dll

windows10-2004-x64

1

Library/Hi...a6.jar

windows7-x64

1

Library/Hi...a6.jar

windows10-2004-x64

7

Library/ac...on.jar

windows7-x64

1

Library/ac...on.jar

windows10-2004-x64

7

Library/an...me.jar

windows7-x64

1

Library/an...me.jar

windows10-2004-x64

7

Library/asm-all.jar

windows7-x64

1

Library/asm-all.jar

windows10-2004-x64

7

Library/co...il.jar

windows7-x64

1

Library/co...il.jar

windows10-2004-x64

7

Library/co...pi.jar

windows7-x64

1

Library/co...pi.jar

windows10-2004-x64

7

Library/dn...le.jar

windows7-x64

1

Library/dn...le.jar

windows10-2004-x64

7

Library/dn...dk.jar

windows7-x64

1

Library/dn...dk.jar

windows10-2004-x64

7

Library/dyn4j.jar

windows7-x64

1

Library/dyn4j.jar

windows10-2004-x64

7

Library/gson.jar

windows7-x64

1

Library/gson.jar

windows10-2004-x64

7

Library/ja...GA.jar

windows7-x64

1

Library/ja...GA.jar

windows10-2004-x64

7

Library/ja...18.jar

windows7-x64

1

Library/ja...18.jar

windows10-2004-x64

7

Library/jfoenix.jar

windows7-x64

1

Library/jfoenix.jar

windows10-2004-x64

7

Library/jk...er.jar

windows7-x64

1

Library/jk...er.jar

windows10-2004-x64

7

Resubmissions

25/06/2024, 05:52

240625-gkzfgstcrd 7

Analysis

  • max time kernel
    138s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Library/javassist-GA.jar

  • Size

    731KB

  • MD5

    60974bfbf014085986b1d1eac44222c8

  • SHA1

    50120f69224dd8684b445a6f3a5b08fe9b5c60f6

  • SHA256

    d19c1ef43ccd9cb1b39466bb2f1c8e45c2b6752f1e13a3dfb60096543d1791fa

  • SHA512

    f08d31069e208d1ecc2956445098dd54947db3c3f1cb719513b9660c152877d45a528482af937a58724b76f935d82849805ed2e6cb0161f06e9aab6a32389bc4

  • SSDEEP

    12288:sG7wv+Ogw7Aauh7yUWp2D0TtIdCwTLfwo/QEur3cyVI7gX5dUr:sG7wGONAy0wo/QEm3cGpdUr

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Library\javassist-GA.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    29ebdb0bca2582bc66e85e4da76e010f

    SHA1

    62af887ad95746d65053c16c9083b20ed090c547

    SHA256

    26eb54f0a68c18bcb8c480bf7eeeeb63494cb305d758d2f99846cc1084ace907

    SHA512

    10cfe3e9d2f257766a6bf8241129d3c173f9103a096bb8bb196cbfbf4f0dfec03c6b96c20f2f17099ad80a390effa3501242b7b59847a05201fb4000dccbc3e4

    Download Submit

  • memory/3440-2-0x000001A780000000-0x000001A780270000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3440-13-0x000001A7FD320000-0x000001A7FD321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3440-14-0x000001A780000000-0x000001A780270000-memory.dmp

    Filesize

    2.4MB

    Download