371968259bf7e06d007dca302b9e0c01fa0eb84579dc4fc5fb14f3a2a8f29035

Analysis

max time kernel
61s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2023, 11:00

Target

Other Words for Alone Retro Edition.jar
Size

2.1MB
MD5

9eede82670c4180d127b0281a5a42429
SHA1

fa636bdd4d56e5df16709b9039607219047e777b
SHA256

371968259bf7e06d007dca302b9e0c01fa0eb84579dc4fc5fb14f3a2a8f29035
SHA512

21a5c716ea3ea13f975f549e7f38e441f9aac072334f027ba36b506b9625ffaaea104fcb70bc38326ae89410c91bd59af525c7a32e27aba71b1f4207a94dce34
SSDEEP

49152:j8muCqX11BuoXmb6Tj6x6w4KQbcWxfIVQtO7A:ImmXUoXq6Tj6x4KQIuIVaO7A

Score

4^/10

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3212	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4936	java.exe

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3212

memory/4936-136-0x0000000002800000-0x0000000003800000-memory.dmp

Filesize
16.0MB

Download