Analysis
max time kernel: 64s
max time network: 115s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 25-06-2022 17:29

Static task: static1
Behavioral task: behavioral1
Sample: d4361a10b4c5e2b7ddea170e905c3c0ccf800741ab9b3b3a59ccbf8a92c4ebc2.jar
Resource: win7-20220414-en
General
Target: d4361a10b4c5e2b7ddea170e905c3c0ccf800741ab9b3b3a59ccbf8a92c4ebc2.jar
Size: 476KB
MD5: 87d2f2146fb7cb0d2d64e5a49a0040ee
SHA1: a44faf2cf15b374bf32f0ebc79620a861edf2f67
SHA256: d4361a10b4c5e2b7ddea170e905c3c0ccf800741ab9b3b3a59ccbf8a92c4ebc2
SHA512: 38385992ab4ed841b9da46c20fc9a980e538051e39bf29414a6b0813dc1af21dcc98c2ed1c91cf8f3b7630ff3a6ca56236541cb60daf50372a829af344e25155
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid    Process
  1868   java.exe
  4588   java.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  description                         pid    Process    procid_target
  PID 1868 wrote to memory of 4588    1868   java.exe   84
  PID 1868 wrote to memory of 4588    1868   java.exe   84
  PID 1868 wrote to memory of 3476    1868   java.exe   86
  PID 1868 wrote to memory of 3476    1868   java.exe   86
  PID 4588 wrote to memory of 4864    4588   java.exe   88
  PID 4588 wrote to memory of 4864    4588   java.exe   88
Processes

Depth 1: C:\ProgramData\Oracle\Java\javapath\java.exe (PID 1868)
  command line: java -jar C:\Users\Admin\AppData\Local\Temp\d4361a10b4c5e2b7ddea170e905c3c0ccf800741ab9b3b3a59ccbf8a92c4ebc2.jar
  signatures: Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

  Depth 2: C:\Program Files\Java\jre1.8.0_66\bin\java.exe (PID 4588)
    command line: "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.46286002430494816837283787858734808.class
    signatures: Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

    Depth 3: C:\Windows\SYSTEM32\cmd.exe (PID 4864)
      command line: cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive8451273901835559243.vbs

  Depth 2: C:\Windows\SYSTEM32\cmd.exe (PID 3476)
    command line: cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive9125120164954847010.vbs

Note that the second java.exe (PID 4588) is invoked with -jar on a file carrying a .class extension in the user's Temp directory; -jar treats its argument as a JAR archive regardless of the extension, so this is a dropped archive relaunched under a misleading name. Both java.exe instances then spawn cmd.exe to run cscript.exe on a freshly written Retrive<digits>.vbs in the same Temp directory. The Windows PIDs shown here (1868, 4588, 3476, 4864) are the values the WriteProcessMemory signature table refers to; the procid_target column there (84, 86, 88) is the sandbox's own process index, not a Windows PID.
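The chain above (java.exe relaunching itself with -jar on a Temp .class file, then cmd.exe /C cscript.exe on a Temp Retrive*.vbs) is what a detection engineer would want to encode. The Python below is an added example, not part of the sandbox report or any vendor tooling. The event records are constructed from the process tree on this page plus one constructed benign control, and the (pid, ppid, image, command line) layout is an assumption standing in for whatever Sysmon event-ID-1 or EDR schema you actually have. It rebuilds the parent chain, flags script hosts launched on a %TEMP% script under a java.exe ancestor, flags java -jar invocations whose target does not end in .jar, and cross-checks that every WriteProcessMemory IoC in the signature table targets a process the writer itself spawned.

```python
import re

# Constructed process-creation events mirroring this report's process tree.
# Fields: pid, ppid, image path, command line. ppid 0 marks the sandbox root.
EVENTS = [
    (1868, 0, r"C:\ProgramData\Oracle\Java\javapath\java.exe",
     r"java -jar C:\Users\Admin\AppData\Local\Temp\d4361a10b4c5e2b7ddea170e905c3c0ccf800741ab9b3b3a59ccbf8a92c4ebc2.jar"),
    (4588, 1868, r"C:\Program Files\Java\jre1.8.0_66\bin\java.exe",
     r'"C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.46286002430494816837283787858734808.class'),
    (3476, 1868, r"C:\Windows\SYSTEM32\cmd.exe",
     r"cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive9125120164954847010.vbs"),
    (4864, 4588, r"C:\Windows\SYSTEM32\cmd.exe",
     r"cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive8451273901835559243.vbs"),
    # Constructed benign control: Java app running a harmless shell command.
    (5001, 0, r"C:\Program Files\Java\jre1.8.0_66\bin\java.exe", r"java -jar C:\tools\app.jar"),
    (5002, 5001, r"C:\Windows\SYSTEM32\cmd.exe", r"cmd.exe /C ver"),
]

# Text of the report's WriteProcessMemory signature table, copied verbatim.
WPM_IOC_TEXT = (
    "PID 1868 wrote to memory of 4588 1868 java.exe 84 "
    "PID 1868 wrote to memory of 4588 1868 java.exe 84 "
    "PID 1868 wrote to memory of 3476 1868 java.exe 86 "
    "PID 1868 wrote to memory of 3476 1868 java.exe 86 "
    "PID 4588 wrote to memory of 4864 4588 java.exe 88 "
    "PID 4588 wrote to memory of 4864 4588 java.exe 88"
)

SCRIPT_HOST = re.compile(r"\b[cw]script(?:\.exe)?\b", re.IGNORECASE)
TEMP_SCRIPT = re.compile(
    r"(?P<path>[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\s\"]+\.(?:vbs|vbe|js|jse|wsf))",
    re.IGNORECASE,
)
JAR_ARG = re.compile(r"-jar\s+(\"[^\"]+\"|\S+)")
WPM_LINE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def java_ancestor(pid, parents, images):
    """Walk up the parent chain; return the nearest java.exe ancestor PID or None."""
    seen = set()
    cur = parents.get(pid)
    while cur and cur not in seen:
        seen.add(cur)
        if images.get(cur, "").lower().endswith("\\java.exe"):
            return cur
        cur = parents.get(cur)
    return None


def find_java_script_drops(events):
    """Script hosts running a %TEMP% script with a java.exe somewhere above them."""
    parents = {pid: ppid for pid, ppid, _, _ in events}
    images = {pid: img for pid, _, img, _ in events}
    hits = []
    for pid, _, _, cmdline in events:
        if not SCRIPT_HOST.search(cmdline):
            continue
        m = TEMP_SCRIPT.search(cmdline)
        if not m:
            continue
        anc = java_ancestor(pid, parents, images)
        if anc is not None:
            hits.append({"pid": pid, "java_pid": anc, "script": m.group("path")})
    return hits


def find_jar_on_non_jar(events):
    """java.exe started with -jar on a path that does not end in .jar (e.g. a Temp .class)."""
    flagged = []
    for pid, _, image, cmdline in events:
        if not image.lower().endswith("\\java.exe"):
            continue
        m = JAR_ARG.search(cmdline)
        if m and not m.group(1).strip('"').lower().endswith(".jar"):
            flagged.append(pid)
    return flagged


def parse_write_process_memory(text):
    """Distinct (writer_pid, target_pid) pairs from the signature table."""
    return sorted({(int(a), int(b)) for a, b in WPM_LINE.findall(text)})


def write_targets_are_children(pairs, events):
    """True when every WriteProcessMemory target is a direct child of the writer."""
    parents = {pid: ppid for pid, ppid, _, _ in events}
    return all(parents.get(dst) == src for src, dst in pairs)


if __name__ == "__main__":
    for h in find_java_script_drops(EVENTS):
        print(f"script host PID {h['pid']} under java PID {h['java_pid']}: {h['script']}")
    print("java -jar on non-.jar target:", find_jar_on_non_jar(EVENTS))
    pairs = parse_write_process_memory(WPM_IOC_TEXT)
    print("WriteProcessMemory pairs:", pairs, "all parent->child:", write_targets_are_children(pairs, EVENTS))
```

When every WriteProcessMemory pair resolves to the writer's own freshly created child, as it does here, the signature is consistent with ordinary process creation rather than injection into an unrelated process; a pair whose target is not a child of the writer is the case worth escalating. The script-host rule is deliberately anchored on the java.exe ancestor rather than on the Retrive prefix, so it survives a rename of the dropped file.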
Network
MITRE ATT&CK Matrix
Downloads

File 1 (no path shown in the report)
Filesize: 50B
MD5: 13c4db011578354d6a8c0e21bc3b69ba
SHA1: c9bf36eb457ce26e78ce583374a98115837f97e2
SHA256: d08564a03138161bf337b48d0c50eecfac42a0576c92bb3c4ce9e756bfa529c3
SHA512: 8cdfd2c466b6441f820a8de130b647c780779242137947ca75872b373841fdab7a60002c0388fc9292c9989c98eca0f247337845180ea470faf397a26fba1108

File 2 (no path shown in the report)
Filesize: 241KB
MD5: 781fb531354d6f291f1ccab48da6d39f
SHA1: 9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68
SHA256: 97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9
SHA512: 3e6630f5feb4a3eb1dac7e9125ce14b1a2a45d7415cf44cea42bc51b2a9aa37169ee4a4c36c888c8f2696e7d6e298e2ad7b2f4c22868aaa5948210eb7db220d8

File 3: C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3751123196-3323558407-1869646069-1000\83aa4cc77f591dfc2374580bbd95f6ba_6bb404a8-25bc-4cef-a831-797f8d1e89c0
Filesize: 45B
MD5: c8366ae350e7019aefc9d1e6e6a498c6
SHA1: 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512: 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd