6cc0505bc3d39f9806d605ba115dd302da1f485554ec44c9c96286f5ea34d909

Analysis

max time kernel
50s
max time network
72s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
05-02-2023 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Srenshare tool/Tools/luyten-0.4.5.exe
Size

3.7MB
MD5

810a0255f0a13a895172caeb3b8a47fa
SHA1

b22532caf079fc1b2c81c29fd17d7065c773c542
SHA256

8c37240aaddc1da68bcfd6570463c590cfa9fecb6bb250a9970a0061897ae341
SHA512

a112b0e8ef1578f66578beeb40402e49c24398d3d2ce85a70dffaf4bade2a92a0b5b7e395fd0f25baffd7a038fa8cc03d521d840a1b5382aae4bedc5804b343d
SSDEEP

98304:OjzDT2Hg0WbBhvc3YapZKNIvCjn2cEbTj:qDT2A0WbHvvap4IvCBKn

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

Processes:

javaw.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

javaw.exe

pid process

4492 javaw.exe

pid	process
4492	javaw.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

luyten-0.4.5.exe

description	pid	process	target process
PID 2832 wrote to memory of 4492	2832	luyten-0.4.5.exe	javaw.exe
PID 2832 wrote to memory of 4492	2832	luyten-0.4.5.exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\Srenshare tool\Tools\luyten-0.4.5.exe
"C:\Users\Admin\AppData\Local\Temp\Srenshare tool\Tools\luyten-0.4.5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2832

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xms128m -Xmx1024m -classpath "C:\Users\Admin\AppData\Local\Temp\Srenshare tool\Tools\luyten-0.4.5.exe;rsyntaxtextarea-2.5.8.jar;procyon-core-0.5.32.jar;procyon-expressions-0.5.32.jar;procyon-reflection-0.5.32.jar;procyon-compilertools-0.5.32.jar" us.deathmarine.luyten.Luyten
2⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2832-116-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-117-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-118-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-119-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-120-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-121-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-123-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-122-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-125-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-126-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-127-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-128-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-129-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-124-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-130-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-131-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-132-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-133-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-134-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-135-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-136-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-137-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-138-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-139-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-140-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-141-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-142-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-143-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-144-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-145-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/2832-146-0x00000000771B0000-0x000000007733E000-memory.dmp

Filesize
1.6MB

Download
memory/4492-147-0x0000000000000000-mapping.dmp

Download
memory/4492-156-0x0000000002B20000-0x0000000003B20000-memory.dmp

Filesize
16.0MB

Download