50f9ae25a259b2e8eb6992f1b6ac901499b154f668d3e75a68c42d9211be7f7c

Analysis

max time kernel
194s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 00:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1e34f54f270713bf810f1458ab2f57f6.exe
Size

76KB
MD5

1e34f54f270713bf810f1458ab2f57f6
SHA1

954c46bc70e528ce285076d1695805607e4a1209
SHA256

50f9ae25a259b2e8eb6992f1b6ac901499b154f668d3e75a68c42d9211be7f7c
SHA512

d00211e19e17c1c06c744faf7ddf9d1042a578b1eb66630d91b5cec8e8cc55b039a5cd5eacaf831e30715698ea7435057495061f226baab8bb22ca61ad7e36fc
SSDEEP

1536:n00000mMyX60cBwgMwXSSFP5yLIK45Yw7DEoir7pjVrs2ryrd1vUQuq6:nlJcCnwiiP5bKaYw7oNHs2qo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\AddEnter.shtml	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	1e34f54f270713bf810f1458ab2f57f6.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	1e34f54f270713bf810f1458ab2f57f6.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5045D802-A041-499C-B1AB-B1F5DEB74500}	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5045D802-A041-499C-B1AB-B1F5DEB74500}\LocalServer32	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "jthltxqjshzbtbkj"	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5045D802-A041-499C-B1AB-B1F5DEB74500}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1e34f54f270713bf810f1458ab2f57f6.exe"	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5045D802-A041-499C-B1AB-B1F5DEB74500}\ = "clbrbqxkbjjrbtcb"	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "cwlswvertjwrsxhn"	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "jtrvbhjsewjtswsv"	1e34f54f270713bf810f1458ab2f57f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	1e34f54f270713bf810f1458ab2f57f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	1e34f54f270713bf810f1458ab2f57f6.exe

C:\Users\Admin\AppData\Local\Temp\1e34f54f270713bf810f1458ab2f57f6.exe
"C:\Users\Admin\AppData\Local\Temp\1e34f54f270713bf810f1458ab2f57f6.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2348-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2348-1-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-2-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-3-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-7-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-8-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-9-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-10-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-11-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-12-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-14-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-13-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-15-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-16-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-17-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-19-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-20-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-21-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-22-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-18-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-23-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-24-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-25-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-26-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-28-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-27-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-30-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-29-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-31-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-32-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-33-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-36-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-37-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-38-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-39-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-41-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-42-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-43-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-44-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-46-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-47-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-49-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-50-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-51-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-53-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-52-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-54-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-48-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-55-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-56-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-58-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-57-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-59-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-61-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-62-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-63-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-65-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-64-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-60-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-45-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-40-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2348-1387-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads