Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

R3Client.zip

windows7-x64

1

R3Client.zip

windows10-2004-x64

1

Engine.CoreModule.dll

windows7-x64

1

Engine.CoreModule.dll

windows10-2004-x64

1

Library/Hi...a6.jar

windows7-x64

1

Library/Hi...a6.jar

windows10-2004-x64

7

Library/ac...on.jar

windows7-x64

1

Library/ac...on.jar

windows10-2004-x64

7

Library/an...me.jar

windows7-x64

1

Library/an...me.jar

windows10-2004-x64

7

Library/asm-all.jar

windows7-x64

1

Library/asm-all.jar

windows10-2004-x64

7

Library/co...il.jar

windows7-x64

1

Library/co...il.jar

windows10-2004-x64

7

Library/co...pi.jar

windows7-x64

1

Library/co...pi.jar

windows10-2004-x64

7

Library/dn...le.jar

windows7-x64

1

Library/dn...le.jar

windows10-2004-x64

7

Library/dn...dk.jar

windows7-x64

1

Library/dn...dk.jar

windows10-2004-x64

7

Library/dyn4j.jar

windows7-x64

1

Library/dyn4j.jar

windows10-2004-x64

7

Library/gson.jar

windows7-x64

1

Library/gson.jar

windows10-2004-x64

7

Library/ja...GA.jar

windows7-x64

1

Library/ja...GA.jar

windows10-2004-x64

7

Library/ja...18.jar

windows7-x64

1

Library/ja...18.jar

windows10-2004-x64

7

Library/jfoenix.jar

windows7-x64

1

Library/jfoenix.jar

windows10-2004-x64

7

Library/jk...er.jar

windows7-x64

1

Library/jk...er.jar

windows10-2004-x64

7

Resubmissions

25/06/2024, 05:52

240625-gkzfgstcrd 7

Analysis

  • max time kernel
    46s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Library/jkeymaster.jar

  • Size

    51KB

  • MD5

    21a017201cbb16ae0546069d4371f1c2

  • SHA1

    9f1e8c9341a8a0c51299b961c4f6c7661c822756

  • SHA256

    a2d68aaf08f15ff1c3b9b224641e8b4c35ee30b10f655d6420571b0429f19c87

  • SHA512

    6c65740c17de72ba7b0df95aa29d095a1502f298924c63f364328f6fbb38920e92e0246d28a642f7c9fe3ab582341e607b0ae01515d470b4595d698ce81363d6

  • SSDEEP

    768:MfvhdjG8x0IODNsLOl8EHSsyxIicvyxIuAcPGzd0TZAjYHXI:cdjGjNsVwSjxIicaKusqW5

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Library\jkeymaster.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:6084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    11de4ab331a8569cfd7dee4958774214

    SHA1

    2f811c9a0c543e47177ad72e2c247eeaa0c9fee8

    SHA256

    6b581571ebef166476b59e86da6943ac6a646494412c2f0114651bcdb6a04449

    SHA512

    0eea56c87250eaab2dc4e35f1372e03001dd54272c42845f6b42f1c7d32506080e42517e889642540a3c3275ddfa2b53d2122b012a21237f0709e6ad593ddf2f

    Download Submit

  • memory/3800-2-0x000001ABE0CF0000-0x000001ABE0F60000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3800-16-0x000001ABE0CD0000-0x000001ABE0CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3800-19-0x000001ABE0CD0000-0x000001ABE0CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3800-20-0x000001ABE0CF0000-0x000001ABE0F60000-memory.dmp

    Filesize

    2.4MB

    Download