Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

test.jar

windows10-1703-x64

7

Resubmissions

20/07/2024, 12:31

240720-pqg3dsygmp 7

20/07/2024, 12:24

240720-plg7laseqf 1

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/07/2024, 12:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.jar

  • Size

    1KB

  • MD5

    d58f1665e3018312f03bee7d77c2e419

  • SHA1

    ac0d199e2452a51143d736f1ce441d0225f624de

  • SHA256

    92d5ad300307cc7b81c24b60291ebe15784d753dd316361e2d96142e50b9ae24

  • SHA512

    4e52a3065493093c2e44ab440b9e8d9e62a030287d51ebcc70c379dc02fe8d8c3eab88f5e8f1c275abe6cc6af1380b60a9a85e8dcb97f75b09916aff534f470b

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\test.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3872
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:200
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1100
      • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
        java -jar test.jar
        2⤵
          PID:4104

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
        Filesize

        46B

        MD5

        c63585074bd78dc1ccd11c29046cdf14

        SHA1

        af6a162bbd9ee0c141f0ea02c3cb7c9c11b2232a

        SHA256

        2271cae71368c71192b150112dc5fa77bd5476f7e872d7bb21f1621a4964ed82

        SHA512

        ee97f72c688fb0337fb3d02f9b8cd1374000a51c49fc8a11847e8475248b860296699955fb7144d1c19100ad0ad027c0127ed8130b78f7b953d67e136749ebd1

        Download Submit

      • memory/2084-2-0x000001BC433D0000-0x000001BC43640000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2084-13-0x000001BC433B0000-0x000001BC433B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2084-14-0x000001BC433D0000-0x000001BC43640000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/4104-26-0x000001BE8AF90000-0x000001BE8AF91000-memory.dmp

        Filesize

        4KB

        Download