1c0d4e984e179ba9b94cb7c011e81f512fb983bc394780f6cbf97192f9b08290

General

Target

Apache-NetBeans-18-bin-windows-x64.exe
Size

466.1MB
MD5

0b1550d3bb912bc35a0805eefa3e455d
SHA1

00e0054cfff64eafbc5452c3ecca12d72148e71e
SHA256

1c0d4e984e179ba9b94cb7c011e81f512fb983bc394780f6cbf97192f9b08290
SHA512

c7c80bcf8ff74057a6c1c0f975e5dea17e6a440988f89ae95772aab320de1263672e9a8d74bae941857499037ed1ff012b232f11d2f3089397f2f285d12803bc
SSDEEP

12582912:DhmCJU8GfO+mk5Um/OXmb+akqBuE1Cz0hyWxWxA7N9:D898Gm+m6/omCakG89WxWxA77

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
516	java.exe
516	java.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\RNDKEY-3779575141444819235	java.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	java.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rndkey-3779575141444819235	java.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
516	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1952	2184	Apache-NetBeans-18-bin-windows-x64.exe	69
PID 2184 wrote to memory of 1952	2184	Apache-NetBeans-18-bin-windows-x64.exe	69
PID 2184 wrote to memory of 3492	2184	Apache-NetBeans-18-bin-windows-x64.exe	71
PID 2184 wrote to memory of 3492	2184	Apache-NetBeans-18-bin-windows-x64.exe	71
PID 2184 wrote to memory of 516	2184	Apache-NetBeans-18-bin-windows-x64.exe	73
PID 2184 wrote to memory of 516	2184	Apache-NetBeans-18-bin-windows-x64.exe	73

C:\Users\Admin\AppData\Local\Temp\Apache-NetBeans-18-bin-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\Apache-NetBeans-18-bin-windows-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files\Java\jre1.8.0_66\bin\java.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\\NBI69202.tmp TestJDK
  2⤵
  PID:1952
- C:\Program Files\Java\jdk1.8.0_66\bin\java.exe
  "C:\Program Files\Java\jdk1.8.0_66\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\\NBI69202.tmp TestJDK
  2⤵
  PID:3492
- C:\Program Files\Java\jdk1.8.0_66\bin\java.exe
  "C:\Program Files\Java\jdk1.8.0_66\bin\java.exe" -Djava.io.tmpdir=C:\Users\Admin\AppData\Local\Temp\ -Dnetbeans.default_userdir_root=C:\Users\Admin\AppData\Roaming\NetBeans -Dnetbeans.default_cachedir_root=C:\Users\Admin\AppData\Local\NetBeans\Cache -classpath C:\Users\Admin\AppData\Local\Temp\\NBI69202.tmp\bundle.jar org.netbeans.installer.Installer
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.nbi\tmp\icon.png.3

Filesize
675B

MD5
64483b92ee1623c3c975086b65f92fc6

SHA1
3d423401704853e1309fe9b04b2586a93657498d

SHA256
d0a1d9fd288ec6f6d85e7d146391f3cf2961a1927409c5df1f7d949c59a23ba8

SHA512
1fb2bcc64f9e1aeb8a32c922d15e2227f4a1653256be0b480dc2f456567c37751679e82ab5027e5886f39a7479d5b910d1f5744aabcf282e1bed57b18f1b9789

Download Submit
C:\Users\Admin\.oracle_jre_usage\f9b9f6b8ff8b2b60.timestamp

Filesize
54B

MD5
b6052af1f1d27fbe277dec5653641bf9

SHA1
a6a0dd96de26fcb6df0a4f035cb3eb1968dfc87e

SHA256
d9e6640c13192fcd4b1cff0640533272f6a915a543526126ad0691e01637f41a

SHA512
a0e502955485586a2fe8f3a9f5ea2e24f5faaab1c14b27319ef36b38ebfc9ebc2c2ac3004eb83d433ee8005a37d9a052cfd347245dadee911f7be34ab5ad048b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NBI69202.tmp\TestJDK.class

Filesize
809B

MD5
0e0e49155721b309bba216f0de104c1d

SHA1
6ff021dc6fcaa82dcf06995fa3fa40da89e0a258

SHA256
54a5802e070df74b12184f94a7a0faea701b0984de7249fefad9811013d28308

SHA512
4e533e5cb4f346c429173a4bfc2760363deb677321273cc23c9a80a2a5dccfa44fbec9157436777ae60d65fadaf33a9236e41267ae080acd2a269bec336b9540

Download Submit
C:\Users\Admin\AppData\Local\Temp\NBI69202.tmp\bundle.jar

Filesize
257.2MB

MD5
6e002c8215deff174cff21c9682617ed

SHA1
c21033b4af3213bb187b3889f65a5d10895e9a6c

SHA256
92fca39e7a771c05cf8323028442ace22469f1076ff1026722ecb04d19aad601

SHA512
c82eef63653b58555d678f5a11670bf12d66a194084fe90aa26a73617fdf3b1088544b2058688f1f17397ee46c220e579fc2d9f10f4b68f31cb07e133885561c

Download Submit
\Users\Admin\AppData\Local\Temp\nbi-673877634860506727.tmp

Filesize
19KB

MD5
1c56b6264905ad1e1a04d1c2bb445c77

SHA1
fc15d4cfaf9b0b0a508543d22a3c9cab5a37cd14

SHA256
e20654928a84c5b61bde154e33bdd845fac1ae8c852c1152d5608c5a15edd83a

SHA512
74196770c0f487edef73a728ae65394bea9a1a30bdfad1ee690549ebcea407794be7aa4b646d5e963cf1ff4a0ceef383f4dcd3ad14967f5ef5d54a87343cb6de

Download Submit
\Users\Admin\AppData\Local\Temp\nbi-673877634860506727.tmp

Filesize
19KB

MD5
1c56b6264905ad1e1a04d1c2bb445c77

SHA1
fc15d4cfaf9b0b0a508543d22a3c9cab5a37cd14

SHA256
e20654928a84c5b61bde154e33bdd845fac1ae8c852c1152d5608c5a15edd83a

SHA512
74196770c0f487edef73a728ae65394bea9a1a30bdfad1ee690549ebcea407794be7aa4b646d5e963cf1ff4a0ceef383f4dcd3ad14967f5ef5d54a87343cb6de

Download Submit
memory/516-209-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-231-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-407-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-163-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-383-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-375-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-367-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-353-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-193-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-195-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-194-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-204-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-206-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-336-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-315-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-218-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-229-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-157-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-235-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-240-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-244-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-249-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/516-255-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-271-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-295-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-304-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/516-310-0x0000000003140000-0x0000000004140000-memory.dmp

Filesize
16.0MB

Download
memory/1952-126-0x00000000023C0000-0x00000000033C0000-memory.dmp

Filesize
16.0MB

Download
memory/1952-210-0x00000000023C0000-0x00000000033C0000-memory.dmp

Filesize
16.0MB

Download
memory/1952-133-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2184-173-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2184-134-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3492-137-0x0000000002DC0000-0x0000000003DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3492-147-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads