091174c660b9d8d753b3edaa72369e26663637bf09a9b81d53c530638b46cfb5

Resubmissions

23/12/2022, 02:22

23/12/2022, 02:19

23/12/2022, 02:17

max time kernel
52s
max time network
73s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23/12/2022, 02:19

Target

TLauncher-2.68.jar
Size

4.6MB
MD5

f6358b8ffcd0b6486ba9e34f7c60f1a8
SHA1

abf3bd71f365852f040b2807f94fc7c41c56d44a
SHA256

091174c660b9d8d753b3edaa72369e26663637bf09a9b81d53c530638b46cfb5
SHA512

400b14b842cf0e9e0c84e74a1950dc1c4de8f40a87037e0e55dde4cd39196ec5f6168ec8604718d59c884b6733e7010d81fb5178ef4ceceb9b193a68f5cc455e
SSDEEP

98304:myDlDwyJhnZoqh7W168gofU/kdQhd9vPl:mqJvnBlMKkdQhXF

Score

4^/10

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1776	java.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2308

memory/1776-120-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/1776-130-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/1776-133-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/1776-135-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/1776-139-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/1776-140-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/1776-141-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download