Analysis

  • max time kernel
    143s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    06/01/2025, 16:10

General

  • Target

    com.android.cts.permission.apk

  • Size

    3.0MB

  • MD5

    66273a5b1eb1207be4c828e86f74f9ad

  • SHA1

    8e8428f50bbee3383666870ecb31203d9d6cfe6a

  • SHA256

    47df247774e408e8ab4d33040b2fb768cecc2a6f0ac9628aeacfda94d4d7b713

  • SHA512

    264004f2cbf8d95247c32f2c70d324a17c0b09795f63cb78b741117f8edad438240efbe069420dd19bd9bdb20bed6b215e79192a7c168373ebeec53643941c16

  • SSDEEP

    49152:MisH7k/L/cqyT5EZ/WOHPNkWZQOAl79ujJVPzbMPqYXS85DgAIy3rMrc00:M7HccLVC/WYlkqQOAHujJVLbwqM+W00

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.android.cts.permission
    • Queries information about running processes on the device
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5064

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.android.cts.permission/databases/com.google.android.datatransport.events

    Filesize

    56KB

    MD5

    45de6cdfbb2d39455168e7b4bde9fd89

    SHA1

    69bf12f0908d109dfcc71ff36b3664adbe181a4d

    SHA256

    b056bee7bf9b165ef6e4fc743bfab4d85f23753959d18e49c76c726d704a7608

    SHA512

    d1afe05a68476d33625622148c48e0673774efbd6afff028e4e23b175adb83bae15274d1c9eb52f550467adbf4584813489fefcd168009998a5c27214f49b5ea

  • /data/data/com.android.cts.permission/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    88e3b8bbeb82a610676f2ef7ac50ecc5

    SHA1

    aa97dd0af27348e603aa0ebfe5302d2dda84c0ce

    SHA256

    9c9a6cc45ed9bdd18e53ac22e02aca6ad7b3a62f679064909f5484f59003d2c4

    SHA512

    a319fbc1fb6be115ddc6df4076926d4e13f996d2d9de5b76b933f23f08c79b78bf9a2fd45a20a89197d82467624bd939654c18e35be919ea6e932bc952eaf275

  • /data/data/com.android.cts.permission/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    4928ded1c5c34aa8b0d5c1fac24f00f8

    SHA1

    bfda314223999a16e307cb00f78e3a5b71b1dd08

    SHA256

    eb030b73e71268d2d07de18aea2a59e9745c6a69c59b44a0159527eb44154ebb

    SHA512

    f529de99df3849f2127cd7b15525c3331f95c90bce71eb62f27fcc766d5de3eb0a234120bc376c307f8be23787da6300a393a2410a13a210d91e5b179d458cd4

  • /data/data/com.android.cts.permission/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    98286ba1b0de0c58a05c6b2932f2a70f

    SHA1

    ab0d76d58beaadd9479516e7fd438b0aa0fa6d4e

    SHA256

    91dba500ffbd7cb7402eb87c7baf6832ee0062321e885fa7bce597397fca643a

    SHA512

    1bd8041f45c48f7a54274250c6126f60bc7a47d603cf9c3ed1a842f0f70004d27ab46dcd237213a0cc1a57e7a083d84619b578dc1098a2fbe84c0becde205849

  • /data/data/com.android.cts.permission/files/PersistedInstallation2267334706389835525tmp

    Filesize

    90B

    MD5

    52ec2c11e031ee2c9591d8f060a2a6ee

    SHA1

    6bbcbb106e07b66a7df527e9cf65ac1825e939ce

    SHA256

    13f2e360551e263277640318a036567346312679ec42e05405ebab86352ab76b

    SHA512

    8292093c62cb34791d6c7ac552a500222f76f92659ec0026ddb0f43d89a2434041cd71f900226e0777f8a3121c7cfd7e1e5784c224d9ae7101bf506e0df3a2d6

  • /data/data/com.android.cts.permission/files/PersistedInstallation9066260283204604126tmp

    Filesize

    114B

    MD5

    19e19e24a2c22542f41ec9b79871454a

    SHA1

    227efe50f713584e89cf170318db2f65e2159cd0

    SHA256

    a99f83903872c6c61b9ebb79505da8fe1ab32053be466c24772295863f03f976

    SHA512

    7511908d00b7cbbc5eb3a1478ba90a0c392cc8d0727c2e20c7ea5e0b208f71f0a20e769f95c90a6b29fd488df6abaf5936ba7f591d785d196d983beea21cb18f