Analysis

  • max time kernel
    132s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-07-2022 01:32

General

  • Target

    3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde.jar

  • Size

    290KB

  • MD5

    0ec42af526c3989f6077b52f97b50bc5

  • SHA1

    89574c9b4332c483d91ad663ddfe29019cb204f0

  • SHA256

    3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde

  • SHA512

    0a007ec4d909111af45d947ebd9243d4765891d463e3ab5b3571e1d62b61e5ed22ff04d1b86b9e5b11b03566fd32879792927bd30e8db744056a0f08da41aab5

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\ProgramData\Oracle\Java\javapath\java.exe
      java -jar C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF6651068479565485555.JAR istmp
      2⤵
        PID:3268
      • C:\Windows\SYSTEM32\REG.exe
        REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "REalTechInfo" /t REG_SZ /F /D "java -jar "C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF6651068479565485555.JAR istmp""
        2⤵
          PID:3960

      Network

      MITRE ATT&CK Matrix

      Downloads

      • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

        Filesize

        50B

        MD5

        da7d494165cc7518e879587d7da0c84f

        SHA1

        986941e3c042460584eea3cce951ce35490f5cbd

        SHA256

        30d0e99c37df0e7089874ee71e94ef64f7847e8bff9e258a86efef159ce6669d

        SHA512

        17d1408f627cf0addb0294050d8e3c0530f22e5549da524c7358c0a60f6f76807302af250f2d0e311008523adbb9cfdd7e14bcd42bce21391aec12a1acce8538

      • C:\Users\Admin\AppData\Local\Temp\MCNKJHGGFFF6651068479565485555.JAR

        Filesize

        290KB

        MD5

        0ec42af526c3989f6077b52f97b50bc5

        SHA1

        89574c9b4332c483d91ad663ddfe29019cb204f0

        SHA256

        3f74b20200d038fcf7f1d6a1d98bf77b2efd68dc5f19bd680de89288d9484cde

        SHA512

        0a007ec4d909111af45d947ebd9243d4765891d463e3ab5b3571e1d62b61e5ed22ff04d1b86b9e5b11b03566fd32879792927bd30e8db744056a0f08da41aab5

      • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3751123196-3323558407-1869646069-1000\83aa4cc77f591dfc2374580bbd95f6ba_6bb404a8-25bc-4cef-a831-797f8d1e89c0

        Filesize

        45B

        MD5

        c8366ae350e7019aefc9d1e6e6a498c6

        SHA1

        5731d8a3e6568a5f2dfbbc87e3db9637df280b61

        SHA256

        11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

        SHA512

        33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

      • memory/1628-139-0x0000000003220000-0x0000000004220000-memory.dmp

        Filesize

        16.0MB

      • memory/1628-140-0x0000000003220000-0x0000000004220000-memory.dmp

        Filesize

        16.0MB

      • memory/3268-155-0x0000000003270000-0x0000000004270000-memory.dmp

        Filesize

        16.0MB

      • memory/3268-165-0x0000000003270000-0x0000000004270000-memory.dmp

        Filesize

        16.0MB

      • memory/3268-166-0x0000000003270000-0x0000000004270000-memory.dmp

        Filesize

        16.0MB