Analysis
- max time kernel: 132s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01-07-2022 01:32

Static task: static1

Behavioral task: behavioral1
- Sample: 3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde.jar
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde.jar
- Resource: win10v2004-20220414-en
General
- Target: 3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde.jar
- Size: 290KB
- MD5: 0ec42af526c3989f6077b52f97b50bc5
- SHA1: 89574c9b4332c483d91ad663ddfe29019cb204f0
- SHA256: 3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde
- SHA512: 0a007ec4d909111af45d947ebd9243d4765891d463e3ab5b3571e1d62b61e5ed22ff04d1b86b9e5b11b03566fd32879792927bd30e8db744056a0f08da41aab5
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1628 wrote to memory of 3268 | 1628 | java.exe | 83
  PID 1628 wrote to memory of 3268 | 1628 | java.exe | 83
  PID 1628 wrote to memory of 3960 | 1628 | java.exe | 84
  PID 1628 wrote to memory of 3960 | 1628 | java.exe | 84
Processes
- C:\ProgramData\Oracle\Java\javapath\java.exe (PID: 1628)
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde.jar
  Signatures: Suspicious use of WriteProcessMemory
  - C:\ProgramData\Oracle\Java\javapath\java.exe (PID: 3268)
    Command line: java -jar C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF6651068479565485555.JAR istmp
  - C:\Windows\SYSTEM32\REG.exe (PID: 3960)
    Command line: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "REalTechInfo" /t REG_SZ /F /D "java -jar "C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF6651068479565485555.JAR istmp""
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 50B
  MD5: da7d494165cc7518e879587d7da0c84f
  SHA1: 986941e3c042460584eea3cce951ce35490f5cbd
  SHA256: 30d0e99c37df0e7089874ee71e94ef64f7847e8bff9e258a86efef159ce6669d
  SHA512: 17d1408f627cf0addb0294050d8e3c0530f22e5549da524c7358c0a60f6f76807302af250f2d0e311008523adbb9cfdd7e14bcd42bce21391aec12a1acce8538
- Filesize: 290KB
  MD5: 0ec42af526c3989f6077b52f97b50bc5
  SHA1: 89574c9b4332c483d91ad663ddfe29019cb204f0
  SHA256: 3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde
  SHA512: 0a007ec4d909111af45d947ebd9243d4765891d463e3ab5b3571e1d62b61e5ed22ff04d1b86b9e5b11b03566fd32879792927bd30e8db744056a0f08da41aab5
- C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3751123196-3323558407-1869646069-1000\83aa4cc77f591dfc2374580bbd95f6ba_6bb404a8-25bc-4cef-a831-797f8d1e89c0
  Filesize: 45B
  MD5: c8366ae350e7019aefc9d1e6e6a498c6
  SHA1: 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
  SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
  SHA512: 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd