Overview

overview

4

Static

static

1

ballmot updated.zip

windows10-1703-x64

1

ballmot up...x.html

windows10-1703-x64

1

ballmot up...rd.jar

windows10-1703-x64

1

ballmot up...in.exe

windows10-1703-x64

4

Resubmissions

05/07/2023, 07:18

230705-h5cmwsba96 4

04/07/2023, 18:19

230704-wykltahg3s 8

Analysis

  • max time kernel
    12s
  • max time network
    73s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05/07/2023, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ballmot updated/jdk-20_windows-x64_bin.exe

  • Size

    160.0MB

  • MD5

    a94e0ed6c292e8b23655e0073af3b0b0

  • SHA1

    41a5c27608137a292ca3d0ca26f512346ecb1ca2

  • SHA256

    deb57e18d47d2e17c559dd2e23b0e3fba2cead025376280d1e7a622162c0e45a

  • SHA512

    16dca126ce2b75e101d79b4d7a4360a3f52d170bbe5dde15d5104c17344d282e357834735016dff48d1ca6eddd32bc4c7860a1e3616a7808a6513824d3ed212c

  • SSDEEP

    3145728:/1x1UomqdNhzKzH5m1z1eRTmOZg9hLHRIv2Wtew6zIAGVvZig+l3W302tPGF0B:9x1UCdNZKzk1z+yR9hLHRfA76zRIvZia

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ballmot updated\jdk-20_windows-x64_bin.exe
    "C:\Users\Admin\AppData\Local\Temp\ballmot updated\jdk-20_windows-x64_bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\jds240686671.tmp\jdk-20_windows-x64_bin.exe
      "C:\Users\Admin\AppData\Local\Temp\jds240686671.tmp\jdk-20_windows-x64_bin.exe"
      2⤵
      • Executes dropped EXE
      PID:1392
      • C:\Windows\System32\msiexec.exe
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk20.0.1_x64\jdk20.0.164.msi" WRAPPER=1
        3⤵
          PID:1364
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3952
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
          PID:4832
          • C:\Windows\System32\MsiExec.exe
            C:\Windows\System32\MsiExec.exe -Embedding 05359E1ACA83A57BC70398FEAD98C33C C
            2⤵
              PID:2344

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk20.0.1_x64\jdk20.0.164.msi
            Filesize

            158.4MB

            MD5

            aaf062e5347282e7ad2eba2f04e622ea

            SHA1

            de93f5045ce99a243136eb6fdf31693427449d93

            SHA256

            cd35cd99207ef6879eb28dd17848d16aef7f5f242d73fb1c0f861a332bb92f6a

            SHA512

            5d1bc596815aaa75cfe2b96c3685a8f666e6095c1df3385154db59e8e57ec9370fcc4af202128f0f2af927b141e5b4ce3628d2d99947bdeec4f948814d4d3128

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI27D1.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI2AD0.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI2C19.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI2C19.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jds240686671.tmp\jdk-20_windows-x64_bin.exe
            Filesize

            159.5MB

            MD5

            8e97972ada691e0dbc2ab48da50f7766

            SHA1

            0b2fc37671b2e1be3e515e4b41ca18070e787616

            SHA256

            8a4ab80c525506dec578f542c217927037d5ff1744caafa5977e7696d8bb18ff

            SHA512

            45927242bef635d856142fb61bd80a02f2b1eec58aab5a884d5563f5bd0f8e168daa2a2c8c7a568ab7871ef2d5c365fcb0b1157c78db47d5fb17935b466315c8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jds240686671.tmp\jdk-20_windows-x64_bin.exe
            Filesize

            159.5MB

            MD5

            8e97972ada691e0dbc2ab48da50f7766

            SHA1

            0b2fc37671b2e1be3e515e4b41ca18070e787616

            SHA256

            8a4ab80c525506dec578f542c217927037d5ff1744caafa5977e7696d8bb18ff

            SHA512

            45927242bef635d856142fb61bd80a02f2b1eec58aab5a884d5563f5bd0f8e168daa2a2c8c7a568ab7871ef2d5c365fcb0b1157c78db47d5fb17935b466315c8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jusched.log
            Filesize

            267KB

            MD5

            74d1be1a43c83e628af61243ac1e63d2

            SHA1

            6c6f19c6862fc54670af90a4ed83bfeb2e7460dc

            SHA256

            79d17f1b3a9d5bfd2034ea88eabec3ad3567ae8adc31c553becd485f0c30f296

            SHA512

            f900a9e6b5412a3860e1ac0f7735cb22176198c4ad4194796f42addd0cdd2b1376ccf9e9db8667284c183f39e46cf8a75a896a57c842cead2e2f4ab601717514

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jusched.log
            Filesize

            274KB

            MD5

            f7af148f1e5aa9efb1d33a2b780fc5cb

            SHA1

            3937c9a942ee40352e8fd493ba340c317b21cc64

            SHA256

            3f73ba45b0479af73a44c56b1ed3085d3cc75c3528dcea3e0002af52a11b4255

            SHA512

            25f82d033a913dc9a335d7a275f4448d39bf40a975e6d472e4275ef7b791449407b1397d4a2967621d8a0b8c1ac596798478883643b10e28b529ea10f43f034d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jusched.log
            Filesize

            285KB

            MD5

            086c5690e12b703c8f86819fbc6e4c34

            SHA1

            f6f17e62b0f51e9259f73aa2bf4cb6a65790afbb

            SHA256

            04437990780a9712979bd3c9775a66e8dba9e927643707cd3f7d0406ab8e223b

            SHA512

            b1950fa1b14a1dd971fc19a252c234c9ba0eafa5e4eeebc345bb636f745e35d4933c56b025b155c446030807702753236569e43d45c8c002698747654094a74b

            Download Submit

          • \Users\Admin\AppData\Local\Temp\MSI27D1.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\MSI2AD0.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\MSI2C19.tmp
            Filesize

            931KB

            MD5

            fd82f8ec5f069f4138402596c01e45de

            SHA1

            27b46e6bc25f6815a7914beba88fba32a6f99df6

            SHA256

            6127912272e0d035a70475fba2d595ab856e9db7d1ec88c8db623b69e8c87b91

            SHA512

            bbeb8d9b56fc8a7134bc325b44388fa2060506cc0e3202cc3f58116f239260912ad05ecc3c038ef1b7d269834da36d09da68c926f23f4013260307ae793127d3

            Download Submit