Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
6asset_pack.jar
windows10-1703-x64
7com.vector...ay.apk
windows10-1703-x64
3config.arm64_v8a.jar
windows10-1703-x64
7config.bn.jar
windows10-1703-x64
7config.en.jar
windows10-1703-x64
7config.gu.jar
windows10-1703-x64
7config.hi.jar
windows10-1703-x64
7config.kn.jar
windows10-1703-x64
7config.mdpi.jar
windows10-1703-x64
7config.mr.jar
windows10-1703-x64
7config.ta.jar
windows10-1703-x64
7config.te.jar
windows10-1703-x64
7BlueStacks..._0.exe
windows10-1703-x64
4BlueStacks..._0.exe
windows10-1703-x64
4Analysis
-
max time kernel
117s -
max time network
139s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system -
submitted
08/09/2024, 14:41
Static task
static1
Behavioral task
behavioral1
Sample
asset_pack.jar
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
com.vectorunit.cobalt.googleplay.apk
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
config.arm64_v8a.jar
Resource
win10-20240611-en
Behavioral task
behavioral4
Sample
config.bn.jar
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
config.en.jar
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
config.gu.jar
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
config.hi.jar
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
config.kn.jar
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
config.mdpi.jar
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
config.mr.jar
Resource
win10-20240611-en
Behavioral task
behavioral11
Sample
config.ta.jar
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
config.te.jar
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
BlueStacks10Installer_0.17.10.6_native_1ad3425415ee2f3e264a6d79df856ea0_0.exe
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
BlueStacksInstaller_5.9.0.1061_native_24ebeaaa739760b7c03556153d168771_0.exe
Resource
win10-20240404-en
General
-
Target
asset_pack.jar
-
Size
36.1MB
-
MD5
644c43ea68494e0c3f8f27372c7a3164
-
SHA1
463b18cd41a49afcb81c8a4396e32e37762947e5
-
SHA256
b105798ba9aff5b994f1278cbd2a852f1fe26ce47b048ea99fc6bca48845962e
-
SHA512
360e3510d0d8b8f2d9a7d1d829dff0a0ced690a2891275916ead8070e4226e6948629e58ed1b19f6b71594b7a4dddd7b78ff46168b8f27930ee5f27ec489a629
-
SSDEEP
786432:Nbw8IZGDDntpfVggWj8oxolqtExvy18vZ2E5js53g5HjnZbRMlQIObyz:hegrtXMdxcyE5W3CZVIObyz
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process 2208 icacls.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 5016 wrote to memory of 2208 5016 java.exe 72 PID 5016 wrote to memory of 2208 5016 java.exe 72
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\asset_pack.jar1⤵
- Suspicious use of WriteProcessMemory
PID:5016 -
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
PID:2208
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46B
MD5f960f7e5f962ceba44a9bc3a5b16cab3
SHA1e48dc782961a31e57e4cfaabed6e0998e6008dfe
SHA25632beba7f7fa790001177268f80fc498dfbc68c358582234b660f00df5abcba8f
SHA5126c141d8ad4b555e14f51ea0bf5b78c95418312849d96e376fd06d1a3562e1888b0d945facf1528354882c04db14b0f191eaa88eac1b891246444bac43dd60d9d