General
Target
JavaTest.rar
Size
92.5MB
Sample
210122-9t9yt3s3ls
MD5
c8d193ac8a6a5e82ef7e40f2d0d54a08
SHA1
d666a27cebb119e84440bde3b1feb1bdf02f914b
SHA256
8131cb31c52ac044f7bf1c6667d3379f094ea27819fa7f6c20951fefc6b3266b
SHA512
a2f2587f26a5bfa7a202ec34e649626620e50941edfff7bd85e3617b2c99f068db3446a1e28ba64f9559cfc55894689cc2da8283cb768334b95b3e4e21def465
Static task
static1
Behavioral task
behavioral1
Sample
jre-8u281-windows-x64.exe
Resource
win10v20201028
Malware Config
Targets
Target
jre-8u281-windows-x64.exe
Size
79.7MB
MD5
c6136758f1fec04a2f7f01249280c315
SHA1
5835e46596fe9f4dfe48fd5dd3947dc650d196ec
SHA256
27fd9a85f2b49ae6a11b15e36ab28c0493d5572357edf2990a65a2b56f1e1157
SHA512
045f33920fb3882d8f24c06e2179934601396636d2ddc360a2a6f03862e40b188506f8da530e4197e4a0e1c79cda48987e810425079377f357fbcf7950c6b030
Score
10/10
Registers COM server for autorun
Suspicious use of NtCreateProcessExOtherParentProcess
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory