Overview
overview
10Static
static
1015becbaa36...1f.exe
windows7_x64
715becbaa36...1f.exe
windows10_x64
7Nuovo ordine .exe
windows7_x64
10Nuovo ordine .exe
windows10_x64
10189d5314ce...6e2b44
linux_amd64
189d5314ce...6e2b44
linux_mipsel
189d5314ce...6e2b44
linux_mips
18ccb7df2f...2a.exe
windows7_x64
1018ccb7df2f...2a.exe
windows10_x64
101b11ae98b8...4f.dll
windows7_x64
101b11ae98b8...4f.dll
windows10_x64
10204591aa6d...b8.exe
windows7_x64
10204591aa6d...b8.exe
windows10_x64
102c7540c6d0...ff.exe
windows7_x64
102c7540c6d0...ff.exe
windows10_x64
102cb4d62827...d9.dll
windows7_x64
102cb4d62827...d9.dll
windows10_x64
104fd784c26d...49.exe
windows7_x64
104fd784c26d...49.exe
windows10_x64
10553dc4c06c...5f.exe
windows7_x64
10553dc4c06c...5f.exe
windows10_x64
105afed1cccc...2d.dll
windows7_x64
105afed1cccc...2d.dll
windows10_x64
1062742e4698...10.exe
windows7_x64
1062742e4698...10.exe
windows10_x64
106707289e11...1b.exe
windows7_x64
106707289e11...1b.exe
windows10_x64
1069a43a40f0...e5.exe
windows7_x64
1069a43a40f0...e5.exe
windows10_x64
106ca42fe27f...b7.exe
windows7_x64
106ca42fe27f...b7.exe
windows10_x64
106db4bb653b...97.jar
windows7_x64
3Analysis
-
max time kernel
120s -
max time network
51s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
30-07-2021 15:25
Static task
static1
Behavioral task
behavioral1
Sample
15becbaa3657b788030771ccb6072e63f14728533aac9f1dcfe2cf89ebdac51f.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral2
Sample
15becbaa3657b788030771ccb6072e63f14728533aac9f1dcfe2cf89ebdac51f.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral3
Sample
Nuovo ordine .exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
Nuovo ordine .exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral5
Sample
189d5314ce773d4497cd2c8aacc99f939bbc32c188d9db8a09e12005ae6e2b44
Resource
ubuntu-amd64
linux_amd64
Behavioral task
behavioral6
Sample
189d5314ce773d4497cd2c8aacc99f939bbc32c188d9db8a09e12005ae6e2b44
Resource
debian9-mipsel
linux_mipsel
Behavioral task
behavioral7
Sample
189d5314ce773d4497cd2c8aacc99f939bbc32c188d9db8a09e12005ae6e2b44
Resource
debian9-mipsbe
linux_mips
Behavioral task
behavioral8
Sample
18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral9
Sample
18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral10
Sample
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral11
Sample
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral12
Sample
204591aa6d44da7eef69d7ee3d32a9b4cb8e405a575fc3cbcf2d5e0217879cb8.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral13
Sample
204591aa6d44da7eef69d7ee3d32a9b4cb8e405a575fc3cbcf2d5e0217879cb8.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral14
Sample
2c7540c6d066510b73a1a5c668dc74ec6d0d3f0716bb3adb6cd83afdd07f35ff.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral15
Sample
2c7540c6d066510b73a1a5c668dc74ec6d0d3f0716bb3adb6cd83afdd07f35ff.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral16
Sample
2cb4d628278053eba42c82d58fb894c230451ffe70d519ff79c5f1cc76f32fd9.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral17
Sample
2cb4d628278053eba42c82d58fb894c230451ffe70d519ff79c5f1cc76f32fd9.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral18
Sample
4fd784c26daf0b1877d7ffd53710b7312d89c8af0f3e640c1584d238e7e68949.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral19
Sample
4fd784c26daf0b1877d7ffd53710b7312d89c8af0f3e640c1584d238e7e68949.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral20
Sample
553dc4c06cd2a8a13eebb90e6c2a9e7fc09a81858d7233199f0f03d2051bfb5f.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral21
Sample
553dc4c06cd2a8a13eebb90e6c2a9e7fc09a81858d7233199f0f03d2051bfb5f.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral22
Sample
5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral23
Sample
5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral24
Sample
62742e4698b352658390b6b4f5088ddebb673503d5a4151f19c2face25932210.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral25
Sample
62742e4698b352658390b6b4f5088ddebb673503d5a4151f19c2face25932210.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral26
Sample
6707289e11e16158e605882cdd2ce2fc9574428dd0114c6d6246146cb6ba7b1b.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral27
Sample
6707289e11e16158e605882cdd2ce2fc9574428dd0114c6d6246146cb6ba7b1b.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral28
Sample
69a43a40f02660c2065fe3b76861dab28cc292301c180f1eafbf6c3f7b57afe5.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral29
Sample
69a43a40f02660c2065fe3b76861dab28cc292301c180f1eafbf6c3f7b57afe5.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral30
Sample
6ca42fe27fbffcc87eb0995f36e945d8e62e0c06ea606be6a32382eb557970b7.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral31
Sample
6ca42fe27fbffcc87eb0995f36e945d8e62e0c06ea606be6a32382eb557970b7.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral32
Sample
6db4bb653b7dc11b7cda176c18697d9b2a758b2e1de9b83e3804dce2fbc8ba97.jar
Resource
win7v20210410
windows7_x64
General
-
Target
6db4bb653b7dc11b7cda176c18697d9b2a758b2e1de9b83e3804dce2fbc8ba97.jar
-
Size
650KB
-
MD5
a4a5060b5ecca405641bb1f3ac0052fd
-
SHA1
0a304bae725613656099f5f8399a41ad6c1c744f
-
SHA256
6db4bb653b7dc11b7cda176c18697d9b2a758b2e1de9b83e3804dce2fbc8ba97
-
SHA512
2048da4b0cfcddaeb19eccd3a06bd28f1360eeb3106b095c16d38cf5170a05a3bf9ff6fa13a660db3ba878bebffb4a240ef13edc3afc10ec34140a964ba79010
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1172 1104 WerFault.exe 24 -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1172 WerFault.exe 1172 WerFault.exe 1172 WerFault.exe 1172 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1172 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1172 WerFault.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1104 wrote to memory of 1172 1104 java.exe 27 PID 1104 wrote to memory of 1172 1104 java.exe 27 PID 1104 wrote to memory of 1172 1104 java.exe 27
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\6db4bb653b7dc11b7cda176c18697d9b2a758b2e1de9b83e3804dce2fbc8ba97.jar1⤵
- Suspicious use of WriteProcessMemory
PID:1104 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1104 -s 1482⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1172
-