f97739bf11bd4a220acf6dea9e073afbf9e6dfbff8b563bba1256ec06cc5e5a6

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe
Size

1.9MB
MD5

703a1115e552aa139e4b26733500e584
SHA1

b0e18a417ad95f149ee6db5c44a744925f23b340
SHA256

f97739bf11bd4a220acf6dea9e073afbf9e6dfbff8b563bba1256ec06cc5e5a6
SHA512

424bb8241a91f69153edcaab9fb734dfffd64a50bc1c635bc606917158d120c60c5b6a56a9c795cee782fe2c69754b41d87e337b54140d0b42aba135b4876542
SSDEEP

49152:+WZ0gqRwuMCoWn8iC2elj9hYe3qRNsrtGKT9hCHp1tVxNxrc:vCoW8iCRjcqqRNsr0715A

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4200	JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4200	JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe
4200	JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 4200	1312	JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe	86
PID 1312 wrote to memory of 4200	1312	JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe	86
PID 1312 wrote to memory of 4200	1312	JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe	86

C:\Users\Admin\AppData\Local\Temp\JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe
"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Users\Admin\AppData\Local\Temp\jds240614484.tmp\JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240614484.tmp\JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jds240614484.tmp\JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe

Filesize
1.6MB

MD5
db617e33f27f294d96bfef2e0df21646

SHA1
febd62a7b905e1ecea0a366b5edd0839c54be1d7

SHA256
aaf107879a63277ab92317c24c0cb476e638483c628964de2b4ef1fbcc05c460

SHA512
9f600b80ccb9593ede90e901e9425fac77da9e4c924ef27b21cfe989cfb5839dcffcbf7292c0f465e123053a69a03750994f65597b43b47ae915a06942d5b430

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240614484.tmp\JavaSetup8u201--TDS SITE USE ONLY THIS VERSION---NOTUP--NOTDOWN.exe

Filesize
1.6MB

MD5
db617e33f27f294d96bfef2e0df21646

SHA1
febd62a7b905e1ecea0a366b5edd0839c54be1d7

SHA256
aaf107879a63277ab92317c24c0cb476e638483c628964de2b4ef1fbcc05c460

SHA512
9f600b80ccb9593ede90e901e9425fac77da9e4c924ef27b21cfe989cfb5839dcffcbf7292c0f465e123053a69a03750994f65597b43b47ae915a06942d5b430

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
267KB

MD5
3524540643f9fba6a8f36da6e743378d

SHA1
b63e3f1291ad074576f3da62702124e2e9bceee3

SHA256
6a4d3f249de68d157fd6e85d2c5f6b1f32d91c00fb8b6457688cc6a62370ecd8

SHA512
ce797089bc7df4f9297a0c672f5feb2933ffa0a9cbab8b9f2618e4700945d6cfdbc6600f065fdca23524f16a72373f44f6aef33b4aca034df37689dbfb999a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
267KB

MD5
3524540643f9fba6a8f36da6e743378d

SHA1
b63e3f1291ad074576f3da62702124e2e9bceee3

SHA256
6a4d3f249de68d157fd6e85d2c5f6b1f32d91c00fb8b6457688cc6a62370ecd8

SHA512
ce797089bc7df4f9297a0c672f5feb2933ffa0a9cbab8b9f2618e4700945d6cfdbc6600f065fdca23524f16a72373f44f6aef33b4aca034df37689dbfb999a6e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads