236563e698893dcff9630ab9db89cfc92919b2edae1fd4f56bcec9ec657139c9

Resubmissions

05-03-2023 03:16

230305-dslyksfe79 7

04-03-2023 07:52

230304-jqdr3sdc58 1

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2023 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4220bd7a4388076702fd9d2ad5b3d57a.exe
Size

15.5MB
MD5

4220bd7a4388076702fd9d2ad5b3d57a
SHA1

427507dc7c8af1803cd1597d0a9acd35a57abef3
SHA256

236563e698893dcff9630ab9db89cfc92919b2edae1fd4f56bcec9ec657139c9
SHA512

10c42c8de20045b4f350f7f572c0be651c3bda35cc601f0fc61c758cbbf2fcc2612d26299f98f4003f9e6c999188aa5304e58aea6c9482399dd7e43f89fd5fb2
SSDEEP

393216:lhDNFabhV8d9Td1Ukw3k2woJuQFkyRmazVNEJVZOUcryo8mRHVNt:3DNFwVejrw3kZoFVR8qyo8mBx

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
236	javaw.exe
236	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1080	628	4220bd7a4388076702fd9d2ad5b3d57a.exe	86
PID 628 wrote to memory of 1080	628	4220bd7a4388076702fd9d2ad5b3d57a.exe	86
PID 1080 wrote to memory of 236	1080	javaw.exe	87
PID 1080 wrote to memory of 236	1080	javaw.exe	87

C:\Users\Admin\AppData\Local\Temp\4220bd7a4388076702fd9d2ad5b3d57a.exe
"C:\Users\Admin\AppData\Local\Temp\4220bd7a4388076702fd9d2ad5b3d57a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\4220bd7a4388076702fd9d2ad5b3d57a.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djdk.attach.allowAttachSelf -XX:+DisableAttachMechanism -Dlauncher.stacktrace=false -Dlauncher.dev=false -Dlauncher.debug=false -Xmx256M -cp C:\Users\Admin\AppData\Local\Temp\4220bd7a4388076702fd9d2ad5b3d57a.exe pro.gravit.launcher.colORmCjHNEaTF
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
49f4db122911a3c2cf4cff981f05fb81

SHA1
eecc2a72f8e715e63e9ca312d390940e4e5a75e8

SHA256
507b25e38dca7db0517f9787093a069e1ab7984a060c3c31a23e7a0444b24198

SHA512
76bf99dd245054b86f8825d7d3cc668161c40aa3810f54da7a05855b9e8c6383aa40d634492480a1fe866cb7dde3a4f6289f28a86c607ee3d66b58ad121c106a

Download Submit
memory/236-187-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-234-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-205-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-206-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-163-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-165-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-169-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-189-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-246-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-241-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-240-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-215-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-228-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/236-239-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/628-133-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1080-146-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1080-144-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1080-160-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads