308dcf6540932d062dd10a24fefd25d6660afe60dea76c9fa5612ae0f4cb4cda

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
05-08-2022 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
Size

185KB
MD5

8535942f58ba61ce5ce0755d7570f22f
SHA1

fb6c95fa16c2e91f22ac4e8d73233962e645c6bd
SHA256

308dcf6540932d062dd10a24fefd25d6660afe60dea76c9fa5612ae0f4cb4cda
SHA512

9ac96be4ae70460ee80918598584d88e765173b5f143eb094c0f66c5d4a942370c45ff60599aedcee38fbf15901a0e198f11057821bf2b8907c4a9a9387e10c9

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

wmic.exewmic.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1020	wmic.exe
Token: SeSecurityPrivilege	1020	wmic.exe
Token: SeTakeOwnershipPrivilege	1020	wmic.exe
Token: SeLoadDriverPrivilege	1020	wmic.exe
Token: SeSystemProfilePrivilege	1020	wmic.exe
Token: SeSystemtimePrivilege	1020	wmic.exe
Token: SeProfSingleProcessPrivilege	1020	wmic.exe
Token: SeIncBasePriorityPrivilege	1020	wmic.exe
Token: SeCreatePagefilePrivilege	1020	wmic.exe
Token: SeBackupPrivilege	1020	wmic.exe
Token: SeRestorePrivilege	1020	wmic.exe
Token: SeShutdownPrivilege	1020	wmic.exe
Token: SeDebugPrivilege	1020	wmic.exe
Token: SeSystemEnvironmentPrivilege	1020	wmic.exe
Token: SeRemoteShutdownPrivilege	1020	wmic.exe
Token: SeUndockPrivilege	1020	wmic.exe
Token: SeManageVolumePrivilege	1020	wmic.exe
Token: 33	1020	wmic.exe
Token: 34	1020	wmic.exe
Token: 35	1020	wmic.exe
Token: SeIncreaseQuotaPrivilege	1020	wmic.exe
Token: SeSecurityPrivilege	1020	wmic.exe
Token: SeTakeOwnershipPrivilege	1020	wmic.exe
Token: SeLoadDriverPrivilege	1020	wmic.exe
Token: SeSystemProfilePrivilege	1020	wmic.exe
Token: SeSystemtimePrivilege	1020	wmic.exe
Token: SeProfSingleProcessPrivilege	1020	wmic.exe
Token: SeIncBasePriorityPrivilege	1020	wmic.exe
Token: SeCreatePagefilePrivilege	1020	wmic.exe
Token: SeBackupPrivilege	1020	wmic.exe
Token: SeRestorePrivilege	1020	wmic.exe
Token: SeShutdownPrivilege	1020	wmic.exe
Token: SeDebugPrivilege	1020	wmic.exe
Token: SeSystemEnvironmentPrivilege	1020	wmic.exe
Token: SeRemoteShutdownPrivilege	1020	wmic.exe
Token: SeUndockPrivilege	1020	wmic.exe
Token: SeManageVolumePrivilege	1020	wmic.exe
Token: 33	1020	wmic.exe
Token: 34	1020	wmic.exe
Token: 35	1020	wmic.exe
Token: SeIncreaseQuotaPrivilege	1688	wmic.exe
Token: SeSecurityPrivilege	1688	wmic.exe
Token: SeTakeOwnershipPrivilege	1688	wmic.exe
Token: SeLoadDriverPrivilege	1688	wmic.exe
Token: SeSystemProfilePrivilege	1688	wmic.exe
Token: SeSystemtimePrivilege	1688	wmic.exe
Token: SeProfSingleProcessPrivilege	1688	wmic.exe
Token: SeIncBasePriorityPrivilege	1688	wmic.exe
Token: SeCreatePagefilePrivilege	1688	wmic.exe
Token: SeBackupPrivilege	1688	wmic.exe
Token: SeRestorePrivilege	1688	wmic.exe
Token: SeShutdownPrivilege	1688	wmic.exe
Token: SeDebugPrivilege	1688	wmic.exe
Token: SeSystemEnvironmentPrivilege	1688	wmic.exe
Token: SeRemoteShutdownPrivilege	1688	wmic.exe
Token: SeUndockPrivilege	1688	wmic.exe
Token: SeManageVolumePrivilege	1688	wmic.exe
Token: 33	1688	wmic.exe
Token: 34	1688	wmic.exe
Token: 35	1688	wmic.exe
Token: SeIncreaseQuotaPrivilege	1688	wmic.exe
Token: SeSecurityPrivilege	1688	wmic.exe
Token: SeTakeOwnershipPrivilege	1688	wmic.exe
Token: SeLoadDriverPrivilege	1688	wmic.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

java.exe

pid process

2000 java.exe

pid	process
2000	java.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

java.exe

description	pid	process	target process
PID 2000 wrote to memory of 1020	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1020	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1020	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1688	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1688	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1688	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1052	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1052	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1052	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1560	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1560	2000	java.exe	wmic.exe
PID 2000 wrote to memory of 1560	2000	java.exe	wmic.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000

C:\Windows\System32\Wbem\wmic.exe
wmic CPU get ProcessorId
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1020

C:\Windows\System32\Wbem\wmic.exe
wmic bios get serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1688

C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get name
2⤵
PID:1052

C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get UUID
2⤵
PID:1560

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1020-65-0x0000000000000000-mapping.dmp

Download
memory/1052-67-0x0000000000000000-mapping.dmp

Download
memory/1560-68-0x0000000000000000-mapping.dmp

Download
memory/1688-66-0x0000000000000000-mapping.dmp

Download
memory/2000-54-0x000007FEFBA81000-0x000007FEFBA83000-memory.dmp

Filesize
8KB

Download
memory/2000-64-0x0000000002210000-0x0000000005210000-memory.dmp

Filesize
48.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads