e26048c37d1cada2e883222798add42ea2c3a15216af0800e25c9f3569e6c4f7 | Triage

Resubmissions

30/06/2023, 21:30

230630-1ck3nsfg9s 1

30/06/2023, 21:28

230630-1bqlrseg54 1

Analysis

max time kernel
51s
max time network
40s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30/06/2023, 21:30

Sharing

Report Analysis Logs

General

Target

mcbot-main/MCBOT.jar
Size

4.3MB
MD5

67f180ee8e6f0338db10b6499daf624a
SHA1

a9b471f5476fdc4be9248bef5024b475bba65589
SHA256

04a5547a8bf159523c7401fc0fab2d7055d946952917b090ed3904ee865f163e
SHA512

d009db057fcc02a64ab7d5313cb6029a1a2f7d56cd89efbb1e327e5ab038dab351171e2ced50498e4bdde877037e353a1d5671f56bf62e41dd5376ba5cd79117
SSDEEP

98304:W8tsCCKthmwquqC8rMpuk/L/VV7hq5KWvi5+FZWivUdX:W0sUthrquq25Lj7hWvi5+jWiMN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 936	1152	cmd.exe	31
PID 1152 wrote to memory of 936	1152	cmd.exe	31
PID 1152 wrote to memory of 936	1152	cmd.exe	31

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\mcbot-main\MCBOT.jar
1⤵
PID:2036

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\system32\java.exe
  java -version
  2⤵
  PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/936-75-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/936-76-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2036-64-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download