f8abe574f9a29264aa7b193d96f37766886297fe40a2a87bff0d60663e3f9df3

Analysis

max time kernel
366s
max time network
1599s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
07/08/2023, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WHH Rat V5.1 Modified By Cracked4You/JavaSetup8u361.exe
Size

2.2MB
MD5

d3809baddaf7b1e7d94484160043328b
SHA1

e1979f5248d3b20858b11386ce22b1ccb0a9bfb5
SHA256

e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079
SHA512

96350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6
SSDEEP

49152:OOt2ad8mKKue2/8cTs0HFTPO86O3jUfkptVx41inlc8z+o2:OOt2yMT/8cTs09RjUu54Ai

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3268	JavaSetup8u361.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3268	JavaSetup8u361.exe
3268	JavaSetup8u361.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 3268	4472	JavaSetup8u361.exe	69
PID 4472 wrote to memory of 3268	4472	JavaSetup8u361.exe	69
PID 4472 wrote to memory of 3268	4472	JavaSetup8u361.exe	69

C:\Users\Admin\AppData\Local\Temp\WHH Rat V5.1 Modified By Cracked4You\JavaSetup8u361.exe
"C:\Users\Admin\AppData\Local\Temp\WHH Rat V5.1 Modified By Cracked4You\JavaSetup8u361.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Users\Admin\AppData\Local\Temp\jds240629000.tmp\JavaSetup8u361.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240629000.tmp\JavaSetup8u361.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jds240629000.tmp\JavaSetup8u361.exe

Filesize
1.9MB

MD5
442dcacd62016db76c61af770301626f

SHA1
1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

SHA256
8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

SHA512
3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240629000.tmp\JavaSetup8u361.exe

Filesize
1.9MB

MD5
442dcacd62016db76c61af770301626f

SHA1
1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

SHA256
8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

SHA512
3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
267KB

MD5
e16733587fe11fd0665e260ff0abee8c

SHA1
9bbf42764cd18d2c3baa8069297bd9de822ec94b

SHA256
58f9a39330caa0082158ae4746a4488016577722346b49ac708e408be779c5cf

SHA512
d633b3769e320ea8baff2fef45cbf33f833d7dd16a73abffc8e0710fd5489f82c297ea558bf743f94bda0b6bcbd10fabc77ca93ea2d9131b24f62953555f1dfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
268KB

MD5
9299eeed0e4efc206a3e8d46037b4e9a

SHA1
c4cd67ca43baf2a52caebc1871dd5e8432649790

SHA256
134d90bfe8ed4024f0aaed00ded63ef872d434257c110f3cd1d2e410b070beb7

SHA512
e67d79351983036b14833f04b3684c2b38a3e327cc3ff58bd3d670788caabb94edb980fc43d8a93caa3ee156b45097162341f42a4655c5851cce97f94d9ff7e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads