696431978daadd33a28841320659835ba8db8080a535b8f35e9e60701ab8b491

Resubmissions

29-06-2023 14:46

29-06-2023 14:43

max time kernel
142s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2023 14:43

Target

cmdline-tools/bin/avdmanager.bat
Size

2KB
MD5

25b67faa0ea0c974fec73cc1debca0e6
SHA1

61829f12895c84b4d51d8029b458dd3bd438f521
SHA256

b3f30c7965527923691cb71f04515e2d3847abaf57836f588f9d5f918288757c
SHA512

07f529b52bf644bd9feb7b9380b88d20ff0803dacb335a3f17925ef4a9a52412305b1589fd7c77c3da08ad76e9029c9c049ecdaf5c05329ecbf7960b4472693b

Score

5^/10

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{ACB1E43E-129C-47F7-BC8B-60408A0B2DDA}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C40EF82B-5F51-4E3E-BBC2-4C5CE997D359}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9B00D0AC-A321-4455-93CB-0A9B1021BDFD}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BB99752E-9816-4397-9C7E-4CC61C569F21}.catalogItem	svchost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 1156	592	cmd.exe	84
PID 592 wrote to memory of 1156	592	cmd.exe	84
PID 592 wrote to memory of 2172	592	cmd.exe	85
PID 592 wrote to memory of 2172	592	cmd.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cmdline-tools\bin\avdmanager.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:592
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java.exe -version
  2⤵
  PID:1156
- C:\ProgramData\Oracle\Java\javapath\java.exe
  "java.exe" "-Dcom.android.sdkmanager.toolsdir=C:\Users\Admin\AppData\Local\Temp\cmdline-tools\bin\\.." -classpath "C:\Users\Admin\AppData\Local\Temp\cmdline-tools\bin\..\lib\avdmanager-classpath.jar" com.android.sdklib.tool.AvdManagerCli
  2⤵
  PID:2172

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:516

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
9d7a495b5338dd4f2b671f846cc31421

SHA1
a3b58cfba7c5b5b848e3bf505618528ebacb860e

SHA256
3c6282c4e75b5b782de9d80c1cb9e8a67fa64f9c0cc2e5a6a200dea6089121d6

SHA512
4d2ddc2cbe2fa54987112a7f9e22578fbaf62d91de7fd0c4bc5c3211d8114e7cf26831e94394b0fad48fbc6f3f796d9293fa5149b8a4c2a0892e498c223b45b6

Download Submit
memory/1156-144-0x0000000000E60000-0x0000000000E61000-memory.dmp

Filesize
4KB

Download
memory/2172-157-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download