b679c045f7d91f9ab5a0e6f611c9436ab2b655c840830c9944ec9f20071713a9

Analysis

max time kernel
7s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 07:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ddbe02cbb267b48d46401953e07f4f3.jar
Size

166KB
MD5

2ddbe02cbb267b48d46401953e07f4f3
SHA1

208c97b28f0b5edfaf7d91c260bea920c349727a
SHA256

b679c045f7d91f9ab5a0e6f611c9436ab2b655c840830c9944ec9f20071713a9
SHA512

65fc2afd636f78bc8fe383c95880a15eb69e1ae043222c620a1f097c5043f136a621e94bb0e05d53bd97367f5458d5aa5f03088e51261dd021b9963214871147
SSDEEP

3072:ugqugDfcddMKdnviJcSH3zWAgAzqP5mvB9aMcHHdH8zcQ7x5Ehw71y8:xqljcddbscSDWAgAzqP5SfPctQ7zEhMh

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2596	wmic.exe
Token: SeSecurityPrivilege	2596	wmic.exe
Token: SeTakeOwnershipPrivilege	2596	wmic.exe
Token: SeLoadDriverPrivilege	2596	wmic.exe
Token: SeSystemProfilePrivilege	2596	wmic.exe
Token: SeSystemtimePrivilege	2596	wmic.exe
Token: SeProfSingleProcessPrivilege	2596	wmic.exe
Token: SeIncBasePriorityPrivilege	2596	wmic.exe
Token: SeCreatePagefilePrivilege	2596	wmic.exe
Token: SeBackupPrivilege	2596	wmic.exe
Token: SeRestorePrivilege	2596	wmic.exe
Token: SeShutdownPrivilege	2596	wmic.exe
Token: SeDebugPrivilege	2596	wmic.exe
Token: SeSystemEnvironmentPrivilege	2596	wmic.exe
Token: SeRemoteShutdownPrivilege	2596	wmic.exe
Token: SeUndockPrivilege	2596	wmic.exe
Token: SeManageVolumePrivilege	2596	wmic.exe
Token: 33	2596	wmic.exe
Token: 34	2596	wmic.exe
Token: 35	2596	wmic.exe
Token: SeIncreaseQuotaPrivilege	2596	wmic.exe
Token: SeSecurityPrivilege	2596	wmic.exe
Token: SeTakeOwnershipPrivilege	2596	wmic.exe
Token: SeLoadDriverPrivilege	2596	wmic.exe
Token: SeSystemProfilePrivilege	2596	wmic.exe
Token: SeSystemtimePrivilege	2596	wmic.exe
Token: SeProfSingleProcessPrivilege	2596	wmic.exe
Token: SeIncBasePriorityPrivilege	2596	wmic.exe
Token: SeCreatePagefilePrivilege	2596	wmic.exe
Token: SeBackupPrivilege	2596	wmic.exe
Token: SeRestorePrivilege	2596	wmic.exe
Token: SeShutdownPrivilege	2596	wmic.exe
Token: SeDebugPrivilege	2596	wmic.exe
Token: SeSystemEnvironmentPrivilege	2596	wmic.exe
Token: SeRemoteShutdownPrivilege	2596	wmic.exe
Token: SeUndockPrivilege	2596	wmic.exe
Token: SeManageVolumePrivilege	2596	wmic.exe
Token: 33	2596	wmic.exe
Token: 34	2596	wmic.exe
Token: 35	2596	wmic.exe
Token: SeIncreaseQuotaPrivilege	2584	wmic.exe
Token: SeSecurityPrivilege	2584	wmic.exe
Token: SeTakeOwnershipPrivilege	2584	wmic.exe
Token: SeLoadDriverPrivilege	2584	wmic.exe
Token: SeSystemProfilePrivilege	2584	wmic.exe
Token: SeSystemtimePrivilege	2584	wmic.exe
Token: SeProfSingleProcessPrivilege	2584	wmic.exe
Token: SeIncBasePriorityPrivilege	2584	wmic.exe
Token: SeCreatePagefilePrivilege	2584	wmic.exe
Token: SeBackupPrivilege	2584	wmic.exe
Token: SeRestorePrivilege	2584	wmic.exe
Token: SeShutdownPrivilege	2584	wmic.exe
Token: SeDebugPrivilege	2584	wmic.exe
Token: SeSystemEnvironmentPrivilege	2584	wmic.exe
Token: SeRemoteShutdownPrivilege	2584	wmic.exe
Token: SeUndockPrivilege	2584	wmic.exe
Token: SeManageVolumePrivilege	2584	wmic.exe
Token: 33	2584	wmic.exe
Token: 34	2584	wmic.exe
Token: 35	2584	wmic.exe
Token: SeIncreaseQuotaPrivilege	2584	wmic.exe
Token: SeSecurityPrivilege	2584	wmic.exe
Token: SeTakeOwnershipPrivilege	2584	wmic.exe
Token: SeLoadDriverPrivilege	2584	wmic.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2356	java.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2596	2356	java.exe	29
PID 2356 wrote to memory of 2596	2356	java.exe	29
PID 2356 wrote to memory of 2596	2356	java.exe	29
PID 2356 wrote to memory of 2584	2356	java.exe	31
PID 2356 wrote to memory of 2584	2356	java.exe	31
PID 2356 wrote to memory of 2584	2356	java.exe	31
PID 2356 wrote to memory of 2760	2356	java.exe	32
PID 2356 wrote to memory of 2760	2356	java.exe	32
PID 2356 wrote to memory of 2760	2356	java.exe	32

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\2ddbe02cbb267b48d46401953e07f4f3.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\System32\Wbem\wmic.exe
  wmic CPU get ProcessorId
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2596
- C:\Windows\System32\Wbem\wmic.exe
  wmic bios get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2584
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get name
  2⤵
  PID:2760
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-9-0x00000000024A0000-0x00000000054A0000-memory.dmp

Filesize
48.0MB

Download
memory/2356-13-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2356-17-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads