Analysis
-
max time kernel
71s
-
max time network
135s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220414-en
-
submitted
25-06-2022 22:03
Static task
static1
Behavioral task
behavioral1
Sample
37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268.jar
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268.jar
Resource
win10v2004-20220414-en
General
-
Target
37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268.jar
-
Size
534KB
-
MD5
93d2d92db87d216a310f3e57989f5b71
-
SHA1
c9e87592ad9e35a4042d8f766c537a866a359fd9
-
SHA256
37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268
-
SHA512
7efd15ef40f5cb46cf905ab96a7d19b114e111b2cf77a0729de5693019242e0c013cc4c846051d14286915dcf52edb22e2fa388dc1119ab1284f1dd3df110880
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
description | pid | Process | procid_target
PID 4920 wrote to memory of 4532 | 4920 | java.exe | 83
PID 4920 wrote to memory of 4532 | 4920 | java.exe | 83
Processes
-
C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268.jar
- Suspicious use of WriteProcessMemory
PID:4920
-
  C:\Program Files\Java\jre1.8.0_66\bin\java.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.368303599931087638537047291819846641.class
  PID:4532
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2632097139-1792035885-811742494-1000\83aa4cc77f591dfc2374580bbd95f6ba_2c37a701-1043-4f89-b4d1-d05ed25c6971
Filesize
45B