b4566a42eadc945fd6745eac49cd1da99c774def0d2ef075d92511dfc36ab3a2

Analysis

max time kernel
153s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-05-2023 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Windows/install.exe
Size

110KB
MD5

6f02b91897c4610e024544e035116ac2
SHA1

14e4779a095cfdc44e34219f6f6004e76c6f12c2
SHA256

f63dc2a1d4dba23d5acec28af65f8cc3419584419c09689e170e1ae83bf5d6a4
SHA512

39be399617ae0b402a4354754a2d57efec65cd6b661658b51662263c5aaa3210d3b6f44894b059670ffac3a34526060a82a1821075ad2eba50b96e449dc1cb74
SSDEEP

1536:II8xTv4Wc8MWOwuatcswxdmhI78fhU0YKfOVEQVh4vTLUtYxVfl5HHXiDyoZoFuB:II8GMtiPyfGSfON/A0tqfvHHyDyWoH0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral17/memory/1268-66-0x0000000000400000-0x0000000000442000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

javaw.exe

pid process

1220 javaw.exe

pid	process
1220	javaw.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

install.exe

description	pid	process	target process
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe
PID 1268 wrote to memory of 1220	1268	install.exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\Windows\install.exe
"C:\Users\Admin\AppData\Local\Temp\Windows\install.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Users\Admin\AppData\Local\Temp\Windows\resource\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows\resource\jre\bin\javaw.exe" -Xms16777216 -Xmx50331648 -classpath "C:\Users\Admin\AppData\Local\Temp\InstallerData\IAClasses.zip;C:\Users\Admin\AppData\Local\Temp\Windows\resource\jdglue.zip;C:\Users\Admin\AppData\Local\Temp\InstallerData\Execute.zip;C:\Users\Admin\AppData\Local\Temp\Windows\InstallerData\Execute.zip;C:\Users\Admin\AppData\Local\Temp\InstallerData\Resource1.zip;C:\Users\Admin\AppData\Local\Temp\Windows\InstallerData\Resource1.zip;C:\Users\Admin\AppData\Local\Temp\InstallerData;C:\Users\Admin\AppData\Local\Temp\Windows\InstallerData;" com.zerog.lax.LAX "C:/Users/Admin/AppData/Local/Temp/Windows/install.lax" "C:/Users/Admin/AppData/Local/Temp/lax1D90.tmp"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lax1D90.tmp

Filesize
5KB

MD5
f266641fa17b544fccca81d184ea4cba

SHA1
6d96ff792e17ead4bd4e4d8881c3c5559b71d9c1

SHA256
02ca38bd86f8d8490fc3131299570861a4ee62e7b4bb12bbe4a61cf3ff871a91

SHA512
99999a8840d607e2c21c8e047da6cced2fcc246be3748594a57ecb112ee41ddec77ef2da45b754874f27a0f66ed21da8b03871d634fe20641f0a44def9226428

Download Submit
memory/1220-92-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-70-0x0000000004590000-0x00000000045E1000-memory.dmp

Filesize
324KB

Download
memory/1220-97-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-122-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-67-0x0000000004390000-0x00000000044A2000-memory.dmp

Filesize
1.1MB

Download
memory/1220-121-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-120-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-95-0x0000000005500000-0x0000000005522000-memory.dmp

Filesize
136KB

Download
memory/1220-72-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-73-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-74-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-77-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-93-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-80-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-81-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-82-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-84-0x0000000004A40000-0x0000000004A93000-memory.dmp

Filesize
332KB

Download
memory/1220-89-0x0000000004A40000-0x0000000004A93000-memory.dmp

Filesize
332KB

Download
memory/1220-91-0x0000000000560000-0x000000000057E000-memory.dmp

Filesize
120KB

Download
memory/1220-56-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/1220-79-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-58-0x00000000001C0000-0x00000000001CD000-memory.dmp

Filesize
52KB

Download
memory/1220-57-0x00000000001A0000-0x00000000001B9000-memory.dmp

Filesize
100KB

Download
memory/1220-98-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-99-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-101-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-102-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-103-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-106-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-107-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-119-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-118-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-111-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-112-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-113-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1220-115-0x0000000004A40000-0x0000000004A93000-memory.dmp

Filesize
332KB

Download
memory/1220-116-0x0000000002010000-0x0000000004010000-memory.dmp

Filesize
32.0MB

Download
memory/1268-110-0x00000000003B0000-0x00000000003F2000-memory.dmp

Filesize
264KB

Download
memory/1268-109-0x00000000003B0000-0x00000000003F2000-memory.dmp

Filesize
264KB

Download
memory/1268-69-0x00000000003B0000-0x00000000003F2000-memory.dmp

Filesize
264KB

Download
memory/1268-68-0x00000000003B0000-0x00000000003F2000-memory.dmp

Filesize
264KB

Download
memory/1268-66-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download