Overview

overview

1

Static

static

1

SchnurriTV....1.jar

windows7-x64

1

SchnurriTV....1.jar

windows10-2004-x64

1

Resubmissions

25-08-2023 07:04

230825-hvyglsbd5x 1

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2023 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SchnurriTVs Sexmod-1.5.1.jar

  • Size

    56.6MB

  • MD5

    b443b222cc1f63e85624210a95ad35d2

  • SHA1

    6dc5378119928bb88643513e7a8aaa9aff3fbc79

  • SHA256

    412f3d1e0bfa8e5f08eebd45398579921c2f030f1173732df8e47b819d5794bc

  • SHA512

    a5bcc79a83b409c83a6b1b6289bfa1af3c7963c1761e964690366b01244cc70eae53aef994a0185f5e3bd0d05785a4da85d3f9540c7c2b8246f4301991e8c776

  • SSDEEP

    786432:tzu1twlURpnfcEdUWRtx9FQ+8+V6RFFGoa4mUAo45yO+BfOvTY1sV7PiLnnod4V6:svxbn0mLFss6RFFlG5yOoD1sqLnoWGL

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\SchnurriTVs Sexmod-1.5.1.jar"
    1⤵
      PID:2892
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2748
    • C:\Windows\System32\control.exe
      "C:\Windows\System32\control.exe" SYSTEM
      1⤵
        PID:1896
      • C:\Windows\SysWOW64\DllHost.exe
        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
        1⤵
          PID:2312
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /4
          1⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2064

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2064-15-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2064-16-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2064-17-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2064-18-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2748-12-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2748-13-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2748-14-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2892-6-0x0000000002280000-0x0000000005280000-memory.dmp

          Filesize

          48.0MB

          Download

        • memory/2892-10-0x0000000000320000-0x0000000000321000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2892-11-0x0000000002280000-0x0000000005280000-memory.dmp

          Filesize

          48.0MB

          Download