9dadaba0f07cac5be454ee9786e6cc941139ad8f71c8c41a61b6bcf817cb55e9 | Triage

Analysis

max time kernel
173s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 23:11

Sharing

Report Analysis Logs

General

Target

9png/draw9patch.bat
Size

1KB
MD5

0e12481de3bd3f22284dbfcc0c2ba3d3
SHA1

814bea86174d5bf1c9d8ce2928f494957fc5e9b4
SHA256

aaaf0dc8e1a5dc4c4d93a0ee0622228e236ed829e4505d6789fd78adac1d7c6f
SHA512

2a0d2024dbaab2aeec9b711f6ab6bf0bd5c4800c1c2aa3be2795a5a3aeeca923f8400041740fffa6f15dcc8debdc463a162e53b72b6e89de4771b3ec9dbb4110

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5108	java.exe
5108	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 5108	3396	cmd.exe	86
PID 3396 wrote to memory of 5108	3396	cmd.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\9png\draw9patch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3396
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java -Djava.ext.dirs=lib\ -jar lib\draw9patch.jar
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5108-138-0x0000000002BD0000-0x0000000003BD0000-memory.dmp

Filesize
16.0MB

Download
memory/5108-145-0x0000000002BD0000-0x0000000003BD0000-memory.dmp

Filesize
16.0MB

Download