Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

rebuilder.exe

windows10-1703-x64

3

tool/core.jar

windows10-1703-x64

7

tool/cyggcc_s-1.dll

windows10-1703-x64

3

tool/cygwin1.dll

windows10-1703-x64

3

tool/cygz.dll

windows10-1703-x64

3

tool/dklic...or.exe

windows10-1703-x64

1

tool/klic_...er.exe

windows10-1703-x64

1

tool/rap2rifkey.exe

windows10-1703-x64

3

tool/scetool.exe

windows10-1703-x64

3

tool/sfk.exe

windows10-1703-x64

3

Analysis

  • max time kernel
    315s
  • max time network
    1590s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/10/2024, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tool/core.jar

  • Size

    203KB

  • MD5

    62203beef5fcee9677adfee43ad15149

  • SHA1

    e6c42ec4a508222b2a386f107e7f7fe4bce3e9cf

  • SHA256

    e7463c81592d4d4154bd04b14af0b30845fbc8962c8ff31f18a757005e552ca1

  • SHA512

    e3f488dc31c9e4e74a99e50bc30e8d68ab50fcfaad618300cd291151649b08249ace5ed2e95357d3c632fe574e640f8f5404345b8218efe4c4cefd6fa382243a

  • SSDEEP

    3072:XMd3zuBWGJC6rlGU4yW7tpwftAdOPizee6gE9H+Ehal6n2wqWey5EN9DvoN+RBXT:cR6+be2mgEMExYpxXCOY2ZAVn0PBPx

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\tool\core.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    299cf30e0e88bf7c8dd1422afbac9077

    SHA1

    de3688c8b27d4ff02e2aa503adade2c17d66566b

    SHA256

    5b3a1ae157cd85a2da11f942bb093dc7fe83339e47d9e06c04c56bc28aa1c46a

    SHA512

    132d9a2836c360723da293f6f3f4dadebceebe3c116e9788d75f71dc376b8333f67b5f6e1b79ece4d73a15aa922743b5ab51f140e673f6402b9156f02de23bcb

    Download Submit

  • memory/2148-2-0x000001B819480000-0x000001B8196F0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2148-13-0x000001B819460000-0x000001B819461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-14-0x000001B819480000-0x000001B8196F0000-memory.dmp

    Filesize

    2.4MB

    Download