4a6e7e12ae447b26cc9f490a324ba1795444987e7a5a602a167ba0716ad8d911

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11-11-2023 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4a6e7e12ae447b26cc9f490a324ba1795444987e7a5a602a167ba0716ad8d911.jar
Size

220KB
MD5

3aa80dc27ff698e28751aacc44b6c42b
SHA1

75293836c23aec16edb1c565eb3b12721f9ae25f
SHA256

4a6e7e12ae447b26cc9f490a324ba1795444987e7a5a602a167ba0716ad8d911
SHA512

378903c57694a705cfa9bedab0e15e3105e712128d54eafeee5286b810fc25384f3808d9a0eab82e014cce426720597ef3a46ca5e464a9bafac756b8cce2df6d
SSDEEP

6144:8kCHosddmyfyRktOdwfrSSr+9k8raYwhBaSc1SLNgdPAf+:ZzhV+tT+ZGmdof+

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2656	wmic.exe
Token: SeSecurityPrivilege	2656	wmic.exe
Token: SeTakeOwnershipPrivilege	2656	wmic.exe
Token: SeLoadDriverPrivilege	2656	wmic.exe
Token: SeSystemProfilePrivilege	2656	wmic.exe
Token: SeSystemtimePrivilege	2656	wmic.exe
Token: SeProfSingleProcessPrivilege	2656	wmic.exe
Token: SeIncBasePriorityPrivilege	2656	wmic.exe
Token: SeCreatePagefilePrivilege	2656	wmic.exe
Token: SeBackupPrivilege	2656	wmic.exe
Token: SeRestorePrivilege	2656	wmic.exe
Token: SeShutdownPrivilege	2656	wmic.exe
Token: SeDebugPrivilege	2656	wmic.exe
Token: SeSystemEnvironmentPrivilege	2656	wmic.exe
Token: SeRemoteShutdownPrivilege	2656	wmic.exe
Token: SeUndockPrivilege	2656	wmic.exe
Token: SeManageVolumePrivilege	2656	wmic.exe
Token: 33	2656	wmic.exe
Token: 34	2656	wmic.exe
Token: 35	2656	wmic.exe
Token: SeIncreaseQuotaPrivilege	2656	wmic.exe
Token: SeSecurityPrivilege	2656	wmic.exe
Token: SeTakeOwnershipPrivilege	2656	wmic.exe
Token: SeLoadDriverPrivilege	2656	wmic.exe
Token: SeSystemProfilePrivilege	2656	wmic.exe
Token: SeSystemtimePrivilege	2656	wmic.exe
Token: SeProfSingleProcessPrivilege	2656	wmic.exe
Token: SeIncBasePriorityPrivilege	2656	wmic.exe
Token: SeCreatePagefilePrivilege	2656	wmic.exe
Token: SeBackupPrivilege	2656	wmic.exe
Token: SeRestorePrivilege	2656	wmic.exe
Token: SeShutdownPrivilege	2656	wmic.exe
Token: SeDebugPrivilege	2656	wmic.exe
Token: SeSystemEnvironmentPrivilege	2656	wmic.exe
Token: SeRemoteShutdownPrivilege	2656	wmic.exe
Token: SeUndockPrivilege	2656	wmic.exe
Token: SeManageVolumePrivilege	2656	wmic.exe
Token: 33	2656	wmic.exe
Token: 34	2656	wmic.exe
Token: 35	2656	wmic.exe
Token: SeIncreaseQuotaPrivilege	2496	wmic.exe
Token: SeSecurityPrivilege	2496	wmic.exe
Token: SeTakeOwnershipPrivilege	2496	wmic.exe
Token: SeLoadDriverPrivilege	2496	wmic.exe
Token: SeSystemProfilePrivilege	2496	wmic.exe
Token: SeSystemtimePrivilege	2496	wmic.exe
Token: SeProfSingleProcessPrivilege	2496	wmic.exe
Token: SeIncBasePriorityPrivilege	2496	wmic.exe
Token: SeCreatePagefilePrivilege	2496	wmic.exe
Token: SeBackupPrivilege	2496	wmic.exe
Token: SeRestorePrivilege	2496	wmic.exe
Token: SeShutdownPrivilege	2496	wmic.exe
Token: SeDebugPrivilege	2496	wmic.exe
Token: SeSystemEnvironmentPrivilege	2496	wmic.exe
Token: SeRemoteShutdownPrivilege	2496	wmic.exe
Token: SeUndockPrivilege	2496	wmic.exe
Token: SeManageVolumePrivilege	2496	wmic.exe
Token: 33	2496	wmic.exe
Token: 34	2496	wmic.exe
Token: 35	2496	wmic.exe
Token: SeIncreaseQuotaPrivilege	2496	wmic.exe
Token: SeSecurityPrivilege	2496	wmic.exe
Token: SeTakeOwnershipPrivilege	2496	wmic.exe
Token: SeLoadDriverPrivilege	2496	wmic.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2780	java.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2656	2780	java.exe	29
PID 2780 wrote to memory of 2656	2780	java.exe	29
PID 2780 wrote to memory of 2656	2780	java.exe	29
PID 2780 wrote to memory of 2496	2780	java.exe	31
PID 2780 wrote to memory of 2496	2780	java.exe	31
PID 2780 wrote to memory of 2496	2780	java.exe	31
PID 2780 wrote to memory of 2560	2780	java.exe	32
PID 2780 wrote to memory of 2560	2780	java.exe	32
PID 2780 wrote to memory of 2560	2780	java.exe	32
PID 2780 wrote to memory of 2200	2780	java.exe	34
PID 2780 wrote to memory of 2200	2780	java.exe	34
PID 2780 wrote to memory of 2200	2780	java.exe	34

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\NEAS.4a6e7e12ae447b26cc9f490a324ba1795444987e7a5a602a167ba0716ad8d911.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\System32\Wbem\wmic.exe
  wmic CPU get ProcessorId
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2656
- C:\Windows\System32\Wbem\wmic.exe
  wmic bios get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2496
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get name
  2⤵
  PID:2560
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2780-7-0x0000000002240000-0x0000000005240000-memory.dmp

Filesize
48.0MB

Download
memory/2780-10-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2780-15-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2780-16-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2780-25-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads