d2e13a98d3e331a6b002fef5ce027bb8849a35b79e1b81f838896ee85abfc552

Analysis

max time kernel
128s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2022 22:31

Target

d2e13a98d3e331a6b002fef5ce027bb8849a35b79e1b81f838896ee85abfc552.jar
Size

14KB
MD5

b676ec7b387de8795833b691a367d3d1
SHA1

6417e9b860bbf64f01cbce46f7b36aff9bb5e458
SHA256

d2e13a98d3e331a6b002fef5ce027bb8849a35b79e1b81f838896ee85abfc552
SHA512

32be43ea43ffb5f4f373a872ff8430fe715da056be01ea2e38d63e8314f34f96f88ff79500eb8822e141107577c8c4c2260dd6ca5f0788516d960ec2419311a5

Score

10^/10

suricata

suricata: ET MALWARE Possible Winnti-related DNS Lookup (vps2java .securitytactics .com)
suricata: ET MALWARE Possible Winnti-related DNS Lookup (vps2java .securitytactics .com)
suricata
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 848 wrote to memory of 1256 848 java.exe java.exe
PID 848 wrote to memory of 1256 848 java.exe java.exe

description	pid	process	target process
PID 848 wrote to memory of 1256	848	java.exe	java.exe
PID 848 wrote to memory of 1256	848	java.exe	java.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\d2e13a98d3e331a6b002fef5ce027bb8849a35b79e1b81f838896ee85abfc552.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:848

C:\ProgramData\Oracle\Java\javapath\java.exe
java -classpath C:\Users\Admin\Documents\.FlashX Flash.Updater
2⤵
PID:1256

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
Filesize
50B

MD5
f16e8ae28b3c3a280e611dfe6058ad7b

SHA1
ff4a9e455648125773cd5a3decb30774cd63626c

SHA256
570540ac157142e5ddfa2d138e1bc8b7b48e7ad650eea21970c9b12fcb7c4cd3

SHA512
4d90ccebf693e327ba5f45d5830ca8810909567501c674559d6faa9cc9d7a1b3c635fe77229c8e559b1d934d486a3eb3659081dc31b7b8527512782eb470ca38

Download Submit
C:\Users\Admin\Documents\.FlashX\Flash.dat
Filesize
227B

MD5
abc991e86caf6f7c758c696c8d7dcde1

SHA1
83b63c7b0c6475687bd200099401bba577dfb9a1

SHA256
eec989c097d0ef454c48a444f3b57047306e67ca6db5869b3faff358133da9a8

SHA512
60f0997ac5841604cb578e3f922db0bb7c88077d0f6082b9d4a76b1bbe2ac7464e1ab1e8731d6a47d12c4edd887a0fbd04ca21d18dddeb67bb3429fe6e2982bb

Download Submit
C:\Users\Admin\Documents\.FlashX\Flash\Updater.class
Filesize
9KB

MD5
685b8103c56c0d88686c1e14a39f246c

SHA1
9bd464d576a8bef675034170611e48efa807beb5

SHA256
72dbc7ac191069dceadd87625f128cd72245bb2343ebf952282ee136d93df0f3

SHA512
884dca7048554ce815e545bcedcec69a68fcccebdd827652d614bf78189f5ba5cf7055ef57bf8d06bbf8ec759a083d036098cf94a928def0d2d7dea6be03153f

Download Submit
memory/848-134-0x0000000002B40000-0x0000000003B40000-memory.dmp

Filesize
16.0MB

Download
memory/1256-140-0x0000000000000000-mapping.dmp

Download
memory/1256-154-0x0000000002F10000-0x0000000003F10000-memory.dmp

Filesize
16.0MB

Download
memory/1256-155-0x0000000002F10000-0x0000000003F10000-memory.dmp

Filesize
16.0MB

Download