Analysis
- max time kernel: 37s
- max time network: 41s
- platform: windows10-2004_x64
- resource: win10v2004-20220721-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-07-2022 01:19
Static task: static1
Behavioral task: behavioral1
- Sample: 56e9a027fc773fdb0bb712d0e8c9d11ccf4e7f1c1b4095655041ee045fbb4856.jar
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 56e9a027fc773fdb0bb712d0e8c9d11ccf4e7f1c1b4095655041ee045fbb4856.jar
- Resource: win10v2004-20220721-en
General
- Target: 56e9a027fc773fdb0bb712d0e8c9d11ccf4e7f1c1b4095655041ee045fbb4856.jar
- Size: 1.2MB
- MD5: 9fe9ac247bb3d49effd18bd03b564296
- SHA1: 59a67466a296a196bb66a39df10c77316354a539
- SHA256: 56e9a027fc773fdb0bb712d0e8c9d11ccf4e7f1c1b4095655041ee045fbb4856
- SHA512: d1343fa5509e1ae1210b3d54767ba9689e3228538339861f83047c8a56ad9c1b6f16808c1686851a8463573d913c0937d376f5019f5ee5c425b09fee087fd77a
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid   Process
    880   java.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
    description                      pid   Process    procid_target
    PID 880 wrote to memory of 5096  880   java.exe   83
    PID 880 wrote to memory of 5096  880   java.exe   83
Processes
- C:\ProgramData\Oracle\Java\javapath\java.exe (PID: 880)
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\56e9a027fc773fdb0bb712d0e8c9d11ccf4e7f1c1b4095655041ee045fbb4856.jar
  Signatures: Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files\Java\jre1.8.0_66\bin\java.exe (PID: 5096)
    Command line: "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.24387192970200514340580602672100083.class
  - C:\Windows\SYSTEM32\cmd.exe (PID: 804)
    Command line: cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7518998549946239085.vbs
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 50B
  MD5: c001a5b990b31b978590c7c77ebe25ce
  SHA1: c428ae3b55ae9a9ed3291338d268b171172aeb7d
  SHA256: 5611df301577b45bbb6a4735711e639fdfb7ea3bc02132df09508a7ffce35f79
  SHA512: b313fad487e01aa91a8bc5aae0d64ec574816708107b7d4a82808817aaf70481d9c5bf1f5910e324347b64bbd352d667c664877eec925612f5dff7ea2d22a43f
- Filesize: 241KB
  MD5: 781fb531354d6f291f1ccab48da6d39f
  SHA1: 9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68
  SHA256: 97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9
  SHA512: 3e6630f5feb4a3eb1dac7e9125ce14b1a2a45d7415cf44cea42bc51b2a9aa37169ee4a4c36c888c8f2696e7d6e298e2ad7b2f4c22868aaa5948210eb7db220d8
- C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2660308776-3705150086-26593515-1000\83aa4cc77f591dfc2374580bbd95f6ba_b975079f-5511-47c1-a87a-f7cd913ae83c
  Filesize: 45B
  MD5: c8366ae350e7019aefc9d1e6e6a498c6
  SHA1: 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
  SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
  SHA512: 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd