Overview

overview

7

Static

static

1

creepy-sal....1.jar

windows7-x64

1

creepy-sal....1.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    31-10-2023 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    creepy-salhack-2.08.1.jar

  • Size

    6.4MB

  • MD5

    28589fa2ab2d5b249c7abf95bdf89872

  • SHA1

    f597cb29caa3c26a625e96bea14c83b8a0d87e49

  • SHA256

    fd9d0471c958197392bfdc2bb19ea8035fb54564b32b243a371ff3d558dd0b7e

  • SHA512

    e8bcf1e28edaa8da471cb53f17019a3083846b8ed1b363901b8ad6b1f91d0f27fdb74b2d09c98c961ad13a88be05aed5e0c6dc5f32b4ba36dc364ade4a16a3f1

  • SSDEEP

    98304:90R0ZaVZnsSoQZQlXV34uYn0ArpV0TQIpiKlQynOswXv5xpcq+tsljul+tRz8:CIQZQD4ZndeTtpiKdyv5xpp9M+Xo

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 39 IoCs
  • Suspicious behavior: AddClipboardFormatListener 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\creepy-salhack-2.08.1.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4840
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SwitchSubmit.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1188
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SwitchSubmit.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1956
  • C:\Windows\system32\control.exe
    "C:\Windows\system32\control.exe" SYSTEM
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3156
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
      PID:928
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
      1⤵
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4300

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      ca00210658bdaebd954cc1862f434a7a

      SHA1

      035690ecf2e86c20a50efea581c967fa0591f65f

      SHA256

      cd8adfba3e89b0334b26cb8de42dfe5947013003a2bfa29504b581816e306914

      SHA512

      dd4d95c22e14428750d9dc49bb517050685b7798cff88dba4dd07ff437ca4e4ba2f202b4b9046e88a9f692c90da62550db44392a8e683fe0c1f068a2fa14e4e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
      Filesize

      471B

      MD5

      7f72074c707c2853af1226457262ad8f

      SHA1

      5914ea3182f5c45e2515a9a10c84e0d9a4fc7e12

      SHA256

      fff7f02c89a64c5c66c6f697a0c83ddf0195b4371436c02becc7d921c50a2558

      SHA512

      611c3aefb714a0b2be6bb910dc2f2c5d2904162022b5b0f33e10394093c1744884495e7c9f766bcbd00d1adc25a8974e3c70c04d718f018502559e9d0f348c11

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
      Filesize

      412B

      MD5

      4c92e961546bc7fd90b938bc2a29f9e0

      SHA1

      602ac85b4e6df081d3834fadd5b5f09229617fad

      SHA256

      7e289d6b369615681dd7f29ca1a28ce168362733e294f27adb88dd2a4f05bef3

      SHA512

      cf2328a41b7e2a66bd8b5065883d3bd5f3679da5e8457b07b6a4d837992190be8e28e6c9ac7ab10648cd3538a74349d3de17608fd5b81e503a13d2b8f6db614e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
      Filesize

      412B

      MD5

      1ec9cb83b5bac7dd6f4b6ff6de44dc5c

      SHA1

      9cf8100a809740a2194657448d302a22dbcc8a75

      SHA256

      dbe5ce7c2a493557712371b383d26a960f3349ea02463c753bb1ab04a0f83853

      SHA512

      39bc86e5672a5503a2143b6a6b2d16d232c4decdf280bbf0b960949992bb45ee53156515c83d574e68fce1a75ddbdbddb154f9a9525a5e43e6572266931194fb

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json
      Filesize

      21B

      MD5

      f1b59332b953b3c99b3c95a44249c0d2

      SHA1

      1b16a2ca32bf8481e18ff8b7365229b598908991

      SHA256

      138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

      SHA512

      3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json
      Filesize

      417B

      MD5

      c56ff60fbd601e84edd5a0ff1010d584

      SHA1

      342abb130dabeacde1d8ced806d67a3aef00a749

      SHA256

      200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

      SHA512

      acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json
      Filesize

      87B

      MD5

      e4e83f8123e9740b8aa3c3dfa77c1c04

      SHA1

      5281eae96efde7b0e16a1d977f005f0d3bd7aad0

      SHA256

      6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

      SHA512

      bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json
      Filesize

      14B

      MD5

      6ca4960355e4951c72aa5f6364e459d5

      SHA1

      2fd90b4ec32804dff7a41b6e63c8b0a40b592113

      SHA256

      88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

      SHA512

      8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json
      Filesize

      14B

      MD5

      6ca4960355e4951c72aa5f6364e459d5

      SHA1

      2fd90b4ec32804dff7a41b6e63c8b0a40b592113

      SHA256

      88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

      SHA512

      8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
      Filesize

      2KB

      MD5

      c35656be06fc26dbf52828db0e84d376

      SHA1

      82186da16d2a4644fa42abc5409a9aeaefd8a78d

      SHA256

      cbd7774b7b319303568d7ad587d63c566b96e0c3592a199f73ad92279ebb5cd4

      SHA512

      a5813b346273c6bf4fada32ae89dc2f314b4877be082e83ddbc49e1ab1f9e6e54d94acfc7748384baa837e7d783e02fa630ebc3ad0bded999379e87790659dd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
      Filesize

      2KB

      MD5

      79578c92a5555a81b40c7f33a1a8f673

      SHA1

      296f38235fd8ca8743d66ddabf1cbb4bb5901132

      SHA256

      51858df99ca9af96b07fa4058b2a6ea6443786fa3b235c056dee89c22a617b02

      SHA512

      3b30cbb09128da14b4b06a5d1d4cb82d72be5db347e6ba7978e96b46bc5286021f2f201d38d004f7ba313c35991a57e6f135415c9a85d992eadaf64ebbbccd4b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
      Filesize

      2KB

      MD5

      79578c92a5555a81b40c7f33a1a8f673

      SHA1

      296f38235fd8ca8743d66ddabf1cbb4bb5901132

      SHA256

      51858df99ca9af96b07fa4058b2a6ea6443786fa3b235c056dee89c22a617b02

      SHA512

      3b30cbb09128da14b4b06a5d1d4cb82d72be5db347e6ba7978e96b46bc5286021f2f201d38d004f7ba313c35991a57e6f135415c9a85d992eadaf64ebbbccd4b

      Download Submit

    • C:\Users\Admin\Desktop\~$itchSubmit.docx
      Filesize

      162B

      MD5

      26ae16a3dd7a5b99c1a0c97f058f5ad7

      SHA1

      2b5bd8e0ba08c3094b8c75f329c4928d38f0eaf2

      SHA256

      4d25d8785ee065a104efd7448f8b395897651306fceb910617fc1ac930ca93ee

      SHA512

      8459312083eb92391c1304291d9aa9ea21453ed19a088878ef3dd5bd65ecbb6375104ff0288f48229b5137b85d050930d756c25cbecaae06e21fd7dfba1b74a6

      Download Submit

    • memory/1188-25-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-18-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-124-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-26-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-123-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-122-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-13-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-14-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-15-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-38-0x00007FFAB1F70000-0x00007FFAB1F80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-16-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-17-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-24-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-69-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-20-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-71-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-70-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-23-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-22-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-21-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-19-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-65-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-66-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-67-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1188-68-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-41-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-95-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1956-37-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-72-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-44-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-42-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-40-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-92-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1956-93-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1956-94-0x00007FFAB4170000-0x00007FFAB4180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1956-96-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-45-0x00007FFAB1F70000-0x00007FFAB1F80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1956-97-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-98-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-39-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-36-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-35-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-33-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-30-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1956-31-0x00007FFAF40F0000-0x00007FFAF42E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2548-12-0x000001DEF1440000-0x000001DEF1441000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-2-0x000001DE80000000-0x000001DE81000000-memory.dmp

      Filesize

      16.0MB

      Download