Analysis

  • max time kernel: 71s
  • max time network: 135s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220414-en
  • submitted: 25-06-2022 22:03

General

  • Target: 37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268.jar
  • Size: 534KB
  • MD5: 93d2d92db87d216a310f3e57989f5b71
  • SHA1: c9e87592ad9e35a4042d8f766c537a866a359fd9
  • SHA256: 37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268
  • SHA512: 7efd15ef40f5cb46cf905ab96a7d19b114e111b2cf77a0729de5693019242e0c013cc4c846051d14286915dcf52edb22e2fa388dc1119ab1284f1dd3df110880

Score: 1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\37d20da1d9f4859c04c4f4fa921ef98cec87c7c50e1666c3fe9be5104716b268.jar
    (depth 1)
    • Suspicious use of WriteProcessMemory
    PID: 4920
    • C:\Program Files\Java\jre1.8.0_66\bin\java.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.368303599931087638537047291819846641.class
      (depth 2)
      PID: 4532

Downloads

  • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
    Filesize: 50B
    MD5: 7446b346f99504582f3a198a88a1544e
    SHA1: 36c0413fd1caf81c12fd637fe4f63a19caf246b2
    SHA256: dafa55f5d3c7385fb55c4ff4ed400bfa2eb0462c0f39ed4494aa0afd54206bc6
    SHA512: f8c304b0a1b66ce9067c5fed685acd83f9c8d0300e9770c8a3f9112b226e9335ae278bd8edeb8724f69389c27ec2360cd40c98ce5a0c744e27cd55e11b328d95

  • C:\Users\Admin\AppData\Local\Temp\_0.368303599931087638537047291819846641.class
    Filesize: 241KB
    MD5: 781fb531354d6f291f1ccab48da6d39f
    SHA1: 9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68
    SHA256: 97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9
    SHA512: 3e6630f5feb4a3eb1dac7e9125ce14b1a2a45d7415cf44cea42bc51b2a9aa37169ee4a4c36c888c8f2696e7d6e298e2ad7b2f4c22868aaa5948210eb7db220d8

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2632097139-1792035885-811742494-1000\83aa4cc77f591dfc2374580bbd95f6ba_2c37a701-1043-4f89-b4d1-d05ed25c6971
    Filesize: 45B
    MD5: c8366ae350e7019aefc9d1e6e6a498c6
    SHA1: 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
    SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
    SHA512: 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

  • memory/4532-154-0x0000000003320000-0x0000000004320000-memory.dmp
    Filesize: 16.0MB
  • memory/4532-164-0x0000000003320000-0x0000000004320000-memory.dmp
    Filesize: 16.0MB
  • memory/4532-166-0x0000000003320000-0x0000000004320000-memory.dmp
    Filesize: 16.0MB
  • memory/4920-132-0x0000000002A00000-0x0000000003A00000-memory.dmp
    Filesize: 16.0MB
  • memory/4920-133-0x0000000002A00000-0x0000000003A00000-memory.dmp
    Filesize: 16.0MB
  • memory/4920-161-0x0000000002A00000-0x0000000003A00000-memory.dmp
    Filesize: 16.0MB
  • memory/4920-163-0x0000000002A00000-0x0000000003A00000-memory.dmp
    Filesize: 16.0MB
  • memory/4920-165-0x0000000002A00000-0x0000000003A00000-memory.dmp
    Filesize: 16.0MB