Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1Spartan.jar
windows7-x64
1Spartan.jar
windows10-2004-x64
1me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3me/vagdede....class
windows7-x64
3me/vagdede....class
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
01/09/2024, 15:33
Static task
static1
Behavioral task
behavioral1
Sample
Spartan.jar
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Spartan.jar
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
me/vagdedes/spartan/Register.class
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
me/vagdedes/spartan/Register.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
me/vagdedes/spartan/a/a/a$a.class
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
me/vagdedes/spartan/a/a/a$a.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
me/vagdedes/spartan/a/a/a.class
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
me/vagdedes/spartan/a/a/a.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
me/vagdedes/spartan/a/a/a/a/a.class
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
me/vagdedes/spartan/a/a/a/a/a.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
me/vagdedes/spartan/a/a/a/a/b.class
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
me/vagdedes/spartan/a/a/a/a/b.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
me/vagdedes/spartan/a/a/a/a/c.class
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
me/vagdedes/spartan/a/a/a/a/c.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
me/vagdedes/spartan/a/a/a/b/a.class
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
me/vagdedes/spartan/a/a/a/b/a.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
me/vagdedes/spartan/a/a/a/b/b$a.class
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
me/vagdedes/spartan/a/a/a/b/b$a.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
me/vagdedes/spartan/a/a/a/b/b.class
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
me/vagdedes/spartan/a/a/a/b/b.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
me/vagdedes/spartan/a/a/a/b/c.class
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
me/vagdedes/spartan/a/a/a/b/c.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
me/vagdedes/spartan/a/a/a/b/d.class
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
me/vagdedes/spartan/a/a/a/b/d.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
me/vagdedes/spartan/a/a/a/b/e.class
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
me/vagdedes/spartan/a/a/a/b/e.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
me/vagdedes/spartan/a/a/a/c/a.class
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
me/vagdedes/spartan/a/a/a/c/a.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
me/vagdedes/spartan/a/a/a/c/b.class
Resource
win7-20240705-en
Behavioral task
behavioral30
Sample
me/vagdedes/spartan/a/a/a/c/b.class
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
me/vagdedes/spartan/a/a/a/d/a.class
Resource
win7-20240729-en
Behavioral task
behavioral32
Sample
me/vagdedes/spartan/a/a/a/d/a.class
Resource
win10v2004-20240802-en
General
-
Target
me/vagdedes/spartan/a/a/a$a.class
-
Size
570B
-
MD5
82f5eeb3b833bcffbd1815c67c9879f7
-
SHA1
a71b7bca2afd1cce67cf551d65a930d240be951b
-
SHA256
16f64aabd31b974de4beaffb846a383699d10edd2420bb6112c10078a9c69fff
-
SHA512
adaca4a40c024ef818a007c5c06266079b3b9eff7ec665d479670c900232d3b8582e4ebca82756a3c54611ccfe6cdf586b04f38c373e9b907c70e3a504ae6ebd
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\class_auto_file\ rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.class\ = "class_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\class_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\class_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\class_auto_file rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.class rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\class_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\class_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2812 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2812 AcroRd32.exe 2812 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2088 wrote to memory of 2168 2088 cmd.exe 31 PID 2088 wrote to memory of 2168 2088 cmd.exe 31 PID 2088 wrote to memory of 2168 2088 cmd.exe 31 PID 2168 wrote to memory of 2812 2168 rundll32.exe 32 PID 2168 wrote to memory of 2812 2168 rundll32.exe 32 PID 2168 wrote to memory of 2812 2168 rundll32.exe 32 PID 2168 wrote to memory of 2812 2168 rundll32.exe 32
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\me\vagdedes\spartan\a\a\a$a.class1⤵
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\me\vagdedes\spartan\a\a\a$a.class2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2168 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\me\vagdedes\spartan\a\a\a$a.class"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2812
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD53fd9dee3668edd71b2368e81fc5c1eb3
SHA155a5b140462a4cc4a59032b4cf683f2b618f3b14
SHA25610ec96d539b6b97e740f68b1305ce9b55972d46dfc9578f767cec9355d408945
SHA512641820080a53d3c8c7bee296fbf3c3798c48116e8cba630b03613c33a41e18e8551350fe2e66d4594d0d46cd0b2009d5111fcf1a423f807d763fade7955e61f6