Analysis

  • max time kernel: 91s
  • max time network: 155s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220414-en
  • submitted: 25-06-2022 23:31

General

  • Target: 260c43ebb152717fa39c829490e695886d134f582680237bc3d9eb39ab7e4e61.jar
  • Size: 446KB
  • MD5: 0216228659fc89d12e7f3b82bd84705d
  • SHA1: 6cae5d56769b3ececad6165ff26c3b364a08d7a4
  • SHA256: 260c43ebb152717fa39c829490e695886d134f582680237bc3d9eb39ab7e4e61
  • SHA512: f146555c1ac5d17e98f36302e577285c3eba7fb34387029ac383f9e299e8f7a62fd9bd1cf6cddc057431d74445f03396de347f4df916bc35deab00deb437107e

Score: 4/10

Malware Config

Signatures

  • Drops file in Program Files directory (12 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe (PID 2128, depth 1)
    Command line: java -jar C:\Users\Admin\AppData\Local\Temp\260c43ebb152717fa39c829490e695886d134f582680237bc3d9eb39ab7e4e61.jar
    Signatures: Suspicious use of WriteProcessMemory
    • C:\ProgramData\Oracle\Java\javapath\java.exe (PID 1000, depth 2, child of PID 2128)
      Command line: java -jar C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF8088594803214420465.JAR istmp
      Signatures: Drops file in Program Files directory
    • C:\Windows\SYSTEM32\REG.exe (PID 4280, depth 2, child of PID 2128)
      Command line: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "REalTechInfo" /t REG_SZ /F /D "java -jar "C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF8088594803214420465.JAR istmp""
      Signatures: none

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
    Filesize: 50B
    MD5: 9e46af1aea19942a895400a5c3e75bbf
    SHA1: 7675ef617c2b25c0161a11a12c913dc64f954699
    SHA256: ec354c6bdcf893a5cbc0bd8b2b8c196dcce5c7f3cca1683eb7c2e08ffccc36ba
    SHA512: 0caaffc46adaf63241b6cb4792befd1a95ad8380e147259805b2f5e447596c4d3716ae5c2a97e0d0bf2482d85c2d53ea9d93fb671b0069554668791dd83cd210

  • C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF8088594803214420465.JAR
    Filesize: 446KB
    MD5: 0216228659fc89d12e7f3b82bd84705d
    SHA1: 6cae5d56769b3ececad6165ff26c3b364a08d7a4
    SHA256: 260c43ebb152717fa39c829490e695886d134f582680237bc3d9eb39ab7e4e61
    SHA512: f146555c1ac5d17e98f36302e577285c3eba7fb34387029ac383f9e299e8f7a62fd9bd1cf6cddc057431d74445f03396de347f4df916bc35deab00deb437107e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1809750270-3141839489-3074374771-1000\83aa4cc77f591dfc2374580bbd95f6ba_2c7a2658-1166-4e8e-b7f6-c01b4ff97801
    Filesize: 45B
    MD5: c8366ae350e7019aefc9d1e6e6a498c6
    SHA1: 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
    SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
    SHA512: 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

  • memory/1000-153-0x0000000002850000-0x0000000003850000-memory.dmp
    Filesize: 16.0MB

  • memory/1000-162-0x0000000002850000-0x0000000003850000-memory.dmp
    Filesize: 16.0MB

  • memory/2128-134-0x0000000003040000-0x0000000004040000-memory.dmp
    Filesize: 16.0MB