1f6498ea52f6e948b417b405c460ddeccf8243c91b71e166a5c627f3a97b9dec

Analysis

max time kernel
152s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-05-2023 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Windows/install.exe
Size

110KB
MD5

6f02b91897c4610e024544e035116ac2
SHA1

14e4779a095cfdc44e34219f6f6004e76c6f12c2
SHA256

f63dc2a1d4dba23d5acec28af65f8cc3419584419c09689e170e1ae83bf5d6a4
SHA512

39be399617ae0b402a4354754a2d57efec65cd6b661658b51662263c5aaa3210d3b6f44894b059670ffac3a34526060a82a1821075ad2eba50b96e449dc1cb74
SSDEEP

1536:II8xTv4Wc8MWOwuatcswxdmhI78fhU0YKfOVEQVh4vTLUtYxVfl5HHXiDyoZoFuB:II8GMtiPyfGSfON/A0tqfvHHyDyWoH0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral17/memory/1108-55-0x0000000000400000-0x0000000000442000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

javaw.exe

pid process

924 javaw.exe

pid	process
924	javaw.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

install.exe

description	pid	process	target process
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe
PID 1108 wrote to memory of 924	1108	install.exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\Windows\install.exe
"C:\Users\Admin\AppData\Local\Temp\Windows\install.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\AppData\Local\Temp\Windows\resource\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows\resource\jre\bin\javaw.exe" -Xms16777216 -Xmx50331648 -classpath "C:\Users\Admin\AppData\Local\Temp\InstallerData\IAClasses.zip;C:\Users\Admin\AppData\Local\Temp\Windows\resource\jdglue.zip;C:\Users\Admin\AppData\Local\Temp\InstallerData\Execute.zip;C:\Users\Admin\AppData\Local\Temp\Windows\InstallerData\Execute.zip;C:\Users\Admin\AppData\Local\Temp\InstallerData\Resource1.zip;C:\Users\Admin\AppData\Local\Temp\Windows\InstallerData\Resource1.zip;C:\Users\Admin\AppData\Local\Temp\InstallerData;C:\Users\Admin\AppData\Local\Temp\Windows\InstallerData;" com.zerog.lax.LAX "C:/Users/Admin/AppData/Local/Temp/Windows/install.lax" "C:/Users/Admin/AppData/Local/Temp/lax2E33.tmp"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lax2E33.tmp

Filesize
5KB

MD5
475770dafe1a3b96bd9f8531d814e101

SHA1
f080248f2e08a3f47a88f63b58fa4af174d9b471

SHA256
0b2227bcc1e808cd590dc1f20ae8751adbd9ef76928170cb0cc7e977d516ea95

SHA512
5b2017986b833f4df21cc7cf3795abc56845632f2538eeb6e2ef229b1b4d0e47921966c0539d9f7eee893b3badd1939e5175a34c28c781245aae66a07ed692bf

Download Submit
memory/924-86-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-71-0x00000000043C0000-0x00000000044D2000-memory.dmp

Filesize
1.1MB

Download
memory/924-59-0x0000000000230000-0x0000000000249000-memory.dmp

Filesize
100KB

Download
memory/924-90-0x00000000003E0000-0x00000000003FE000-memory.dmp

Filesize
120KB

Download
memory/924-63-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-64-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-120-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-93-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-72-0x00000000045C0000-0x0000000004611000-memory.dmp

Filesize
324KB

Download
memory/924-76-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-78-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-79-0x0000000004A70000-0x0000000004AC3000-memory.dmp

Filesize
332KB

Download
memory/924-82-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-92-0x0000000000940000-0x0000000000962000-memory.dmp

Filesize
136KB

Download
memory/924-85-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-119-0x0000000004A70000-0x0000000004AC3000-memory.dmp

Filesize
332KB

Download
memory/924-60-0x00000000001A0000-0x00000000001AD000-memory.dmp

Filesize
52KB

Download
memory/924-58-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/924-84-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-103-0x0000000004A70000-0x0000000004AC3000-memory.dmp

Filesize
332KB

Download
memory/924-104-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-105-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-106-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-107-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-108-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-109-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-110-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-112-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/924-117-0x0000000001F40000-0x0000000003F40000-memory.dmp

Filesize
32.0MB

Download
memory/1108-116-0x00000000001C0000-0x0000000000202000-memory.dmp

Filesize
264KB

Download
memory/1108-115-0x00000000001C0000-0x0000000000202000-memory.dmp

Filesize
264KB

Download
memory/1108-55-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1108-56-0x00000000001C0000-0x0000000000202000-memory.dmp

Filesize
264KB

Download