Overview

overview

9

Static

static

jdk-17.0.4...in/jar

ubuntu-18.04-amd64

9

jdk-17.0.4...signer

ubuntu-18.04-amd64

1

jdk-17.0.4...n/java

ubuntu-18.04-amd64

9

jdk-17.0.4.../javac

ubuntu-18.04-amd64

9

jdk-17.0.4...avadoc

ubuntu-18.04-amd64

9

jdk-17.0.4.../javap

ubuntu-18.04-amd64

1

jdk-17.0.4...n/jcmd

ubuntu-18.04-amd64

9

jdk-17.0.4...onsole

ubuntu-18.04-amd64

9

jdk-17.0.4...in/jdb

ubuntu-18.04-amd64

9

jdk-17.0.4...prscan

ubuntu-18.04-amd64

9

jdk-17.0.4.../jdeps

ubuntu-18.04-amd64

9

jdk-17.0.4...in/jfr

ubuntu-18.04-amd64

9

jdk-17.0.4.../jhsdb

ubuntu-18.04-amd64

1

jdk-17.0.4...jimage

ubuntu-18.04-amd64

1

jdk-17.0.4.../jinfo

ubuntu-18.04-amd64

1

jdk-17.0.4.../jlink

ubuntu-18.04-amd64

1

jdk-17.0.4...n/jmap

ubuntu-18.04-amd64

1

jdk-17.0.4...n/jmod

ubuntu-18.04-amd64

9

jdk-17.0.4...ackage

ubuntu-18.04-amd64

9

jdk-17.0.4...in/jps

ubuntu-18.04-amd64

1

jdk-17.0.4...script

ubuntu-18.04-amd64

1

jdk-17.0.4...jshell

ubuntu-18.04-amd64

9

jdk-17.0.4...jstack

ubuntu-18.04-amd64

9

jdk-17.0.4.../jstat

ubuntu-18.04-amd64

1

jdk-17.0.4...jstatd

ubuntu-18.04-amd64

1

jdk-17.0.4...eytool

ubuntu-18.04-amd64

9

jdk-17.0.4...gistry

ubuntu-18.04-amd64

9

jdk-17.0.4...ialver

ubuntu-18.04-amd64

9

jdk-17.0.4...an.ps1

windows7-x64

1

jdk-17.0.4...an.ps1

windows10-2004-x64

1

jdk-17.0.4...ps.ps1

windows7-x64

1

jdk-17.0.4...ps.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    68s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/09/2022, 13:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jdk-17.0.4.1+1/man/man1/jdeps.ps1

  • Size

    11KB

  • MD5

    711a28c9765b62508e22cc63f776187b

  • SHA1

    1ea8afa4cb6a945708bc8077c5a78bf4c7b27632

  • SHA256

    0eeee55fce30e051252642873e928010afd8cde2666c1decde058159269b037e

  • SHA512

    59a5f4db17820624a70ce3142f495ef0b39046ef8b1b819f690ce3796012a1df35240f24c8e1e1822c7446065820a1273845e9cb9c57a07677cc1a7e7b80f564

  • SSDEEP

    192:gFsNdNdtAgBHK6sbx42//Igt9N6Mi6j0CfrdeeeNvND/a+Rco8ASCx:gF6djSg5K6Q/F9N6uQGryvN7a+NnH

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\jdk-17.0.4.1+1\man\man1\jdeps.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4484-132-0x0000016719140000-0x0000016719162000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4484-133-0x00007FFC65810000-0x00007FFC662D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4484-134-0x00007FFC65810000-0x00007FFC662D1000-memory.dmp

    Filesize

    10.8MB

    Download