419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

Analysis

max time kernel
151s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20230221-es
resource tags

arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
24-03-2023 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre-8u361-windows-x64.exe
Size

62.1MB
MD5

e70de386ebc763932a181fc37a2ad042
SHA1

18e76e452b289ae2fc167667b55a81b11ec2693f
SHA256

419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d
SHA512

a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d
SSDEEP

1572864:UYXYUrHHqj4AY8QOl+Kx1RwayO59accVL9NJ9fM4X:UYXYUrHqxl+KxzwayFTVL99l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

jre-8u361-windows-x64.exe

pid process

688 jre-8u361-windows-x64.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

jre-8u361-windows-x64.exe

pid process

688 jre-8u361-windows-x64.exe
688 jre-8u361-windows-x64.exe

pid	process
688	jre-8u361-windows-x64.exe

pid	process
688	jre-8u361-windows-x64.exe
688	jre-8u361-windows-x64.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

jre-8u361-windows-x64.exe

description	pid	process	target process
PID 4420 wrote to memory of 688	4420	jre-8u361-windows-x64.exe	jre-8u361-windows-x64.exe
PID 4420 wrote to memory of 688	4420	jre-8u361-windows-x64.exe	jre-8u361-windows-x64.exe

C:\Users\Admin\AppData\Local\Temp\jre-8u361-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u361-windows-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4420

C:\Users\Admin\AppData\Local\Temp\jds240564109.tmp\jre-8u361-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds240564109.tmp\jre-8u361-windows-x64.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_361\Java3BillDevices.png
Filesize
11KB

MD5
b3c9f084b052e95aa3014e492d16bfa6

SHA1
0e33962b2191e7b1a5d85102cdf3c74fcd1254e4

SHA256
a68ddd67f6fcb0bbf1defa0778ee543e92c1074c442197ab623f733cc6285948

SHA512
06f51ac2962a0ec5f05ad6c90a2ba85b851d1fa2f0c079dc264fe930316cead959f68f6e34ff591b131867b482c266ac42400b06385dae712637ff0a90f902d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240564109.tmp\jre-8u361-windows-x64.exe
Filesize
61.7MB

MD5
e920cf3e63612868ed4b6cd9612bae77

SHA1
ef64fb46f8e955430d6fbd3778ff03e4c1f0e1b0

SHA256
a45104f8bf9a356b538f74aec9c7d25b92bef2d8e97cc27ed6d7232294a8ed82

SHA512
b02af44d9a87e06b0309e842d550b54b92575ba36a3ea74184bba40d4665751d91c8547ddd9c1c009d413f56829f7fcc604592ba51118c916cd1e039930571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240564109.tmp\jre-8u361-windows-x64.exe
Filesize
61.7MB

MD5
e920cf3e63612868ed4b6cd9612bae77

SHA1
ef64fb46f8e955430d6fbd3778ff03e4c1f0e1b0

SHA256
a45104f8bf9a356b538f74aec9c7d25b92bef2d8e97cc27ed6d7232294a8ed82

SHA512
b02af44d9a87e06b0309e842d550b54b92575ba36a3ea74184bba40d4665751d91c8547ddd9c1c009d413f56829f7fcc604592ba51118c916cd1e039930571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
926c4b9f82b1a380493274d61cd9f190

SHA1
5470727bbba2cc691d939f274b48cf37d6d07fba

SHA256
731188e5702c5b6862df3e74b7fea90fb4e3f81d8ab258e3cd8c4d712eeb34d3

SHA512
f632a8843a9289da008879242e8b4adcd060ef2fa34da2d1ebc3b447394cfd5866abe5e9b2ba17361f32ef9bff76f0698e904ca7c46463d85dcb517c49a722ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
809e373a2231c4b32179d7c8f70ca318

SHA1
7f7a1ff7afac8661f23b29f07c5213bc04b6024f

SHA256
67e6b400e7b314092465de296bd834f3c878bd84309688a0dc7e6e6e1f3505ce

SHA512
82c46497cd8be957041439f16cb3163dacf1451e23ceb699496b8b79610955aab136f056275fe992e68ffa8e69599748651320594f3cf09b6f46d374102e15de

Download Submit
memory/688-244-0x0000029085E80000-0x00000290874F7000-memory.dmp

Filesize
22.5MB

Download
memory/688-254-0x0000029085E80000-0x00000290874F7000-memory.dmp

Filesize
22.5MB

Download
memory/688-256-0x0000029085E80000-0x00000290874F7000-memory.dmp

Filesize
22.5MB

Download