Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

asset_pack.jar

windows10-1703-x64

7

com.vector...ay.apk

windows10-1703-x64

3

config.arm64_v8a.jar

windows10-1703-x64

7

config.bn.jar

windows10-1703-x64

7

config.en.jar

windows10-1703-x64

7

config.gu.jar

windows10-1703-x64

7

config.hi.jar

windows10-1703-x64

7

config.kn.jar

windows10-1703-x64

7

config.mdpi.jar

windows10-1703-x64

7

config.mr.jar

windows10-1703-x64

7

config.ta.jar

windows10-1703-x64

7

config.te.jar

windows10-1703-x64

7

BlueStacks..._0.exe

windows10-1703-x64

4

BlueStacks..._0.exe

windows10-1703-x64

4

Analysis

  • max time kernel
    128s
  • max time network
    139s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/09/2024, 14:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    config.kn.jar

  • Size

    32KB

  • MD5

    b94d13aeb49c5e31ac35eebf1eff0fab

  • SHA1

    658d56d3917781acc62def7e1e4e6f97008ef2a5

  • SHA256

    9d61071e17e66e15ecd6906b6d6620ca7365bb8f2279a08bc8c939653e581054

  • SHA512

    9f4f527137fe620b801e8f52737c38e16d7dfe1278b873bc47fe2c0725ab11d35038cc09d6e1dbe0f1a0af36a5709260ebc59dbdc941da5fadd9a5306f06ba40

  • SSDEEP

    768:uC86cPmo49okC6FNVSuOMVIDiqVveXrFshdhJ1e1TVthO4DNs43hShs:z86cPmoIokC6FyTmXrFshdhiHthO4Zse

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\config.kn.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    296ada28e34d93704fe9a84103fd872c

    SHA1

    f12a3529cc08a218f97158e578a4a176fadea508

    SHA256

    0c4ecd44893136ad62b14c2b961626291144da1fd1f789fe943247659483b494

    SHA512

    d2fc45aef1a12747b4932fcdafe3da9f08a2dfd63131e0e8a3f17b2b12e06dc36864a03137be026f02bf6616855f94dd1be63c69bb7d651bbb20068657943ead

    Download Submit

  • memory/2908-2-0x0000015E4D850000-0x0000015E4DAC0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2908-12-0x0000015E4BF30000-0x0000015E4BF31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-13-0x0000015E4D850000-0x0000015E4DAC0000-memory.dmp

    Filesize

    2.4MB

    Download