Analysis
max time kernel: 35s
max time network: 90s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220414-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-07-2022 18:23
Static task: static1
Behavioral task: behavioral1
Sample: 4e33a96a18238c3fbae9b04070b63538eda4b1a51b7954bb9586e74bdf50526a.jar
Resource: win7-20220715-en
General
Target: 4e33a96a18238c3fbae9b04070b63538eda4b1a51b7954bb9586e74bdf50526a.jar
Size: 612KB
MD5: abac48d8684576cd18bccd3cd119fbdc
SHA1: fef9b742a8206a6a782e5b5ff825123e729bb6ee
SHA256: 4e33a96a18238c3fbae9b04070b63538eda4b1a51b7954bb9586e74bdf50526a
SHA512: 678d76752cf55e61f64f472a38fa5e2d5397e330a9eb0d6647df752f38627506dca5db0b04245ee3516b27eff7bd2860894b5a08f9fc04d7d51ce92b67a1e7e9
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: java.exe (PID 4772)
Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description | pid | process | procid_target):
  PID 4772 wrote to memory of 4624 | 4772 | java.exe | 81
  PID 4772 wrote to memory of 4624 | 4772 | java.exe | 81
  PID 4772 wrote to memory of 4928 | 4772 | java.exe | 85
  PID 4772 wrote to memory of 4928 | 4772 | java.exe | 85
Processes
1. C:\ProgramData\Oracle\Java\javapath\java.exe
   java -jar C:\Users\Admin\AppData\Local\Temp\4e33a96a18238c3fbae9b04070b63538eda4b1a51b7954bb9586e74bdf50526a.jar
   PID: 4772
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Java\jre1.8.0_66\bin\java.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.28746044042288032927430784459585330.class
      PID: 4624
   2. C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7591755866037390741.vbs
      PID: 4928
      3. C:\Windows\system32\cscript.exe
         cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7591755866037390741.vbs
         PID: 4920
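The process tree is the most useful part of this report for detection: the submitted JAR launches a second java.exe with `-jar` pointing at a `.class` file in the user's Temp directory, and separately spawns cmd.exe, which runs cscript.exe on a `Retrive*.vbs` script, also in Temp. The following is an added detection example, not output of the sandbox and not code from the report: it replays process-creation events modelled on this tree (PIDs, images and command lines taken from above; the event field names, the parent PID 1234 and the benign control event with PID 5000 are assumptions) and flags the behaviours a hunter would query for in EDR or Sysmon data.

```python
import re

# Image names that a JVM has no business launching in a normal desktop session.
SCRIPT_HOSTS = {"cmd.exe", "cscript.exe", "wscript.exe", "powershell.exe", "mshta.exe"}
USER_TEMP = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
# Captures the argument after -jar, quoted or bare.
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed events mirroring the process tree in this report.
# Fields (pid, ppid, image, cmdline) are assumed, not taken from the sandbox schema.
EVENTS = [
    {"pid": 4772, "ppid": 1234, "image": r"C:\ProgramData\Oracle\Java\javapath\java.exe",
     "cmdline": r"java -jar C:\Users\Admin\AppData\Local\Temp\4e33a96a18238c3fbae9b04070b63538eda4b1a51b7954bb9586e74bdf50526a.jar"},
    {"pid": 4624, "ppid": 4772, "image": r"C:\Program Files\Java\jre1.8.0_66\bin\java.exe",
     "cmdline": r'"C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.28746044042288032927430784459585330.class'},
    {"pid": 4928, "ppid": 4772, "image": r"C:\Windows\SYSTEM32\cmd.exe",
     "cmdline": r"cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7591755866037390741.vbs"},
    {"pid": 4920, "ppid": 4928, "image": r"C:\Windows\system32\cscript.exe",
     "cmdline": r"cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7591755866037390741.vbs"},
    # Assumed benign control: a JVM running a real JAR from Program Files, no children.
    {"pid": 5000, "ppid": 1234, "image": r"C:\Program Files\Java\jre1.8.0_66\bin\java.exe",
     "cmdline": r'"C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar "C:\Program Files\Tool\tool.jar"'},
]


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def jar_target(cmdline):
    """Return the path passed to -jar, or None if the command line has none."""
    m = JAR_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def has_java_ancestor(event, by_pid):
    """Walk the parent chain (as far as we have events) looking for java.exe."""
    seen = set()
    ppid = event["ppid"]
    while ppid in by_pid and ppid not in seen:
        seen.add(ppid)
        parent = by_pid[ppid]
        if basename(parent["image"]) == "java.exe":
            return True
        ppid = parent["ppid"]
    return False


def detect(events):
    """Return sorted (pid, rule_name) pairs for every event that matches a rule."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        name = basename(e["image"])
        cmd = e["cmdline"]
        if name == "java.exe":
            target = jar_target(cmd)
            if target is not None:
                # -jar should name a .jar; here it names a .class dropped in Temp.
                if not target.lower().endswith(".jar"):
                    hits.append((e["pid"], "java_jar_non_jar_target"))
                # JARs executed from the user's Temp directory are a common dropper pattern.
                if USER_TEMP.search(target):
                    hits.append((e["pid"], "java_jar_from_user_temp"))
        # Script hosts anywhere below a JVM, even via an intermediate cmd.exe.
        if name in SCRIPT_HOSTS and has_java_ancestor(e, by_pid):
            hits.append((e["pid"], "java_spawns_script_host"))
        # cscript/wscript running a .vbs out of Temp, regardless of parent.
        if name in {"cscript.exe", "wscript.exe"} and USER_TEMP.search(cmd) and ".vbs" in cmd.lower():
            hits.append((e["pid"], "script_host_temp_vbs"))
    return sorted(hits)


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(f"PID {pid}: {rule}")
```

The ancestor walk is what lets the rule catch cscript.exe (PID 4920) even though its direct parent is cmd.exe, not java.exe; a rule keyed only on ParentImage would miss it. The `-jar` check is deliberately narrow: a `.class` argument is not a valid JAR, so a JVM being told to load one is a strong signal on its own, without relying on the Temp path. The control event with PID 5000 produces no hits.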
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 50B
MD5: 3deec2b643b9d3eafb0158e9c14bcafb
SHA1: 4e051687ef19ecc0a5d94e51297761040536e43a
SHA256: 40609ae1c7cf3f603cd4309f6f3dee7d3ea146718ae6ff4219592d27de28f826
SHA512: 764e9a67f84738efe47940dcc05dc92c03419a67d63a62f5ce510362f347d7ebc42ef8c304fdf358ae19294defccd6e856e992fdb6b8021b93e0dcd9e75a74a0

Filesize: 241KB
MD5: 781fb531354d6f291f1ccab48da6d39f
SHA1: 9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68
SHA256: 97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9
SHA512: 3e6630f5feb4a3eb1dac7e9125ce14b1a2a45d7415cf44cea42bc51b2a9aa37169ee4a4c36c888c8f2696e7d6e298e2ad7b2f4c22868aaa5948210eb7db220d8

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1809750270-3141839489-3074374771-1000\83aa4cc77f591dfc2374580bbd95f6ba_2c7a2658-1166-4e8e-b7f6-c01b4ff97801
Filesize: 45B
MD5: c8366ae350e7019aefc9d1e6e6a498c6
SHA1: 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512: 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd