Overview

overview

4

Static

static

1

jadx-gui-1...in.exe

windows7-x64

3

jadx-gui-1...in.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    109s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/04/2023, 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jadx-gui-1.4.5-no-jre-win.exe

  • Size

    29.3MB

  • MD5

    7b7afa0443ce57f4d0fa5721655066ee

  • SHA1

    1b026ab71b1ce1c766470ee287d0207a116440f7

  • SHA256

    9b9c165b0e797d35ccdfb9bee1291241adf37e1a2d8ca3b521c7d11b3b23b3ae

  • SHA512

    1971ae5adbbc42fd910252e558b9abde2964535c92e84fed5f008bd29ffbd0632d8b894d0d24a85940b8b3db14a52818c92362bbd96d268eb2b9aefc7e83ee03

  • SSDEEP

    393216:vURvQD3YjEMfQtQ3F5u4hZPW16jFYb03qJXf0h+c6aZK/1e0vDEsKDZQX+RM:h3YgMfxFAYZ66jaI3Uf6+ctH07gq+RM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\jadx-gui-1.4.5-no-jre-win.exe
    "C:\Users\Admin\AppData\Local\Temp\jadx-gui-1.4.5-no-jre-win.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oracle.com/java/technologies/downloads/#jdk17-windows
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1328

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9affee2f7fed694d4a78ffaecae591a

    SHA1

    9fa2ec4d66be08e72b2c4cb71d9f0cf998056c72

    SHA256

    1bacd9515d07cc9803b316bf84aa51e85e8475c6f4595f82609b5acab27cfc59

    SHA512

    b534a06c8bb22120b95030ffae0b55398d2bda3d14c436be7087817c654735158e5c0392b19b95bb6464e3108967baac709957a85931fc844facb20900da8cd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c92537716b24c2ca6d0fd7857be741f1

    SHA1

    111492b7b3fb94e3c54b77109e06bbe7c31f1776

    SHA256

    bbf9a5077f1e63cecd38ceecf54677e19dd4f862be193914500331a539988f73

    SHA512

    f7e547e0431f942f6dfbce11a2b0db24d514e694c4340f777fc5c684463168806f59f3e0b7b99d3efd857d9e5e42240330c7d690e1ce5bdf9a85bffe54dc76e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6123b648affd3e0766b3702ff12510b5

    SHA1

    57a1a56a4a9ff0b34c6877ff81dc875376cbdc03

    SHA256

    737539f247f02e6edfc95a69bee5f02a08ccfbf5d8eac6291792f0cbd1e8eef1

    SHA512

    283094373f42be22fe71dd3886b5e74c14874c715b39ad97e777e64b8a3b5a26b52f3a02a4c9a37b651fda30ea63ac9b12b9dc11a63a45fa38b2cc78120acb38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26270640f440b7f1c8c793fca8375dbd

    SHA1

    8da8a45ca238751ac69cc7bc73d413ad85455b05

    SHA256

    e1d8b74fdbb28d24bfc8832ac7239bcf900c1f1d512ab7749c5f0041fb79bbf8

    SHA512

    46b4cc782f74407e546b9e09dac921d8397c65853269520c447a4560fa59b6d34525bba54148925cd81a99ba5702c39cc1139c65054eb9c19e4dd5c955f81305

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5b0e68e2cfab55cdce05588b4574048

    SHA1

    02006771f6ee8bf0afa0c16550b90caf2a058b82

    SHA256

    99be49ab2d98851eb3e2e763e60250c1e25084003afe285638bb3de702d5e907

    SHA512

    f307f978b8a4eaa4c7462209bf2a52fd9474c4ef411723cb8ca4abbe17b9a1c922a88ac1b16fc371c047a5788c9b2794989c41dee8f445742aaa66c3ba0b6375

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df7d5fc65c0f39b4c98f3aeb61701653

    SHA1

    a228dfb78d38771e253ce2657f8c802b5f6e3d1f

    SHA256

    d6c4d5053f17d46e8e14857c5fa532095ac5334a8cfb42ea84d22b8a1f45fbac

    SHA512

    a06ca7f50331b854568ef1178a3ee96107f4711756403a1b402a43ad803ef31abafddcb216edebf896eadff8d2be30a6ebde0f1849e7ef1b3f11dd53966767a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdd92182fe4560f09b959d0c009e680b

    SHA1

    6deb634d4e78ea749d8aed488c4befdfad0d5f1a

    SHA256

    4d234ff53cd362e607d1627cb26bb994f86f5aa85560d5412c17371ff6290cdf

    SHA512

    43738cc5b6eb90c9ad91b97a5f03eee33479b16da932cb52488b4f7ffd2903c7e324f5255acd6c67377714340cea4daa9cbdebd5533cbdbae08a2877a1c1964b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e50f7d301985ac530330092c02488072

    SHA1

    bfc6d15fc002b04641bbd0112ee04c21aa9f09c3

    SHA256

    b8cbd1af6e9f611b96c237231c99e84b5d4a5f137384cbcdc96c01340ba87241

    SHA512

    5d3c9ad86fd12edef3d1b50fd654558f6457dbb83e4085bfc24626d36d97e9e3ed852b6ed5b4d897f3a664b4a93f9a097bc7e6105f0d2fac9fd25566a6594607

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c237f4a095ed52633394e7c9343c4105

    SHA1

    b92ed24f79e18d66b7ea73e6be1426d7784eea23

    SHA256

    e41e51252b3c7ce306221386c439dbc6c6fc4728e2342bda87fc3e0e0047e197

    SHA512

    31ce28baa25817314472e7465634447c63b7e3f47f96ef73747ed568fcbee3dbbb9ef5d3d68a372ccde1249a4869dc01bc85027b6bbd13b1e5f4246776588832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    435979f3c07d17369d909bf8f21a932c

    SHA1

    5a23bc84b32024c38c8967511e299642ba636801

    SHA256

    011fa3e7235c4c118b5117e2ffa00bcfeaf77c3861a6c3dd9b4cb440cb805def

    SHA512

    7e9416240082d70ef133930346f2db83806b4eca1dd95c101f827be1565ef508f12d334589d954454041874174c40763b327e3b01aa661ae0187104c25ba9da0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    659dd4a2c7de3345841128b42767eead

    SHA1

    797205067ca2197e9dae7ed0c9a5bfada8545f71

    SHA256

    2691746179bbad281dfc0e1bd5056a294b4b4806ff3c65d37a3dc7507d35a57a

    SHA512

    3733ff3a7f7503ce2efa4fe334fce3ba7d9c0904cc0a4e46d8119060061ec43130eb10c271f8e221bba6066bfabffbc65ec511a0b0291bb81451a32fd2f5222d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SGSM6BEW\www.oracle[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
    Filesize

    5KB

    MD5

    ac1cf8ddea3b1bd7664d6cef8130f0c3

    SHA1

    2f84775a5aae3add04b0ee19002ff138e9614dd8

    SHA256

    2016404db9257bef1076fbb13efee8a4daaf790dc5bf54c15856fbd3194c48a6

    SHA512

    e8bf76fdc84bf35a11c86452be4b3bdb30efa96bbc3602cda66dc47d252bf42d79ad09b1088d320d865654e4aa323d2a628e6f2aaba45d6915e3a3c4ebc5aa64

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYTOKVEV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2EIRHNV\favicon-32[1].png
    Filesize

    1KB

    MD5

    51db57e829efd1958c47eef011040d9e

    SHA1

    32dae01af230fffb57070054d5693ba66d191d5e

    SHA256

    e24f15815d2cf3e2bab2323a684dfc8b0b86ea3da044465765b0e35cfd50793c

    SHA512

    4545758b7fabbe8016fb2c5de71e156697a2e7cda866333df024087f454a6a0ff098928d5592680e0812e596d9fefbd54895845876db8c2b5c06ad879f4ce949

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE073.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE131.tmp
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE084.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE1C3.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\25NAI0S1.txt
    Filesize

    603B

    MD5

    cd6f35f942261d63c608683dd323844c

    SHA1

    7a4e5b9b0277007ad17210a4cdee6a49c61a18f0

    SHA256

    ef0de3c0d4c88faf23b262d3facb205a6b80dd6e2b107f0d1bd2bd557880eac8

    SHA512

    aa9bdfa158c5d732218f0a6786399f4616c4a7a8243f502bbf03ff6823ad94fae41f30ee40352d62eaa42442ab18e20b03994493b6f3e394558460cd3cb621bd

    Download Submit

  • memory/1624-54-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download