Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

PrestigeInjector.jar

windows7-x64

1

PrestigeInjector.jar

windows10-2004-x64

6

Analysis

  • max time kernel
    49s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PrestigeInjector.jar

  • Size

    155KB

  • MD5

    bb659e66ccc62be59e71ce62898e8062

  • SHA1

    369c25253f421250ad0db8f5194cebddfb421554

  • SHA256

    2fe7c40f98b2bf290d97c1a504985ddcd74ba9607761d66ec04c27b623c60d5f

  • SHA512

    30f8a114e7f1a0f128f83f9c542d91067beb3cb1a2bf745ec4836be9553e5fc7740d59f3501176aab00213ff44f1d437266dd0074d311b76ff26efc32f1a6d3e

  • SSDEEP

    3072:F+X10rLJP1LV8ta2cLgZD8T32h3Idc6o+dN7Ny/0XVwL:F++yt1ugZDU2hccC/2

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\PrestigeInjector.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Windows\SYSTEM32\REG.exe
      REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Adobe Java bridge" /d "C:\Users\Admin\AppData\Roaming\Adobe\AIR\jre13v3bridge.jar"
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:1336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4524-2-0x0000026D00000000-0x0000026D00270000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4524-15-0x0000026D7F1A0000-0x0000026D7F1A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4524-17-0x0000026D00000000-0x0000026D00270000-memory.dmp

    Filesize

    2.4MB

    Download