9045fd0a805e07c7e6367fb3cb62f8121964056894cee3b56f6f85feddce92f7

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 07:06

Target

fcymhfmvy.jar
Size

91KB
MD5

3bbdbc10682111317bef9f19b6dbb95e
SHA1

135efb10366e837601e01cec75999662abb87a80
SHA256

9045fd0a805e07c7e6367fb3cb62f8121964056894cee3b56f6f85feddce92f7
SHA512

858f62f75d3eb1c4f7fbef9c92cd10e26e5326484e5557a7e1a6bb140413470c2364b0f44383a166e3517d1d759775c17baa46560bf13768850cf3b1573b1170
SSDEEP

1536:gWXEFve11Urc5vdk1/IMXamHsdnzbPxy0Is1SeWOXSlrIzHs7S+GQp5Oc9P:5gvLcU1/B85bJy0b0OX1js7LF539P

Score

4^/10

Drops file in Program Files directory 12 IoCs

Processes:

java.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2352 2040 WerFault.exe

pid	pid_target	process	target process
2352	2040	WerFault.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\fcymhfmvy.jar
1⤵
- Drops file in Program Files directory
PID:5108

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 2040 -ip 2040
1⤵
PID:1928

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2040 -s 1744
1⤵
- Program crash
PID:2352

memory/5108-140-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-142-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-147-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-152-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-153-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-154-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-159-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-160-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-162-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-163-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-164-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-165-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-166-0x00000000026A0000-0x00000000036A0000-memory.dmp

Filesize
16.0MB

Download