af27b34c05c79b6f15ee180530fa8e7956d976d6410df17a0d7e20c21352361a

Analysis

max time kernel
239s
max time network
275s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 01:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f3dd1651102ede8e5701ecdf1d7dbacbcb559b9fec5115295539b18c17b6221.jar
Size

184KB
MD5

1e0b1b66ed579403b6953b326a6112be
SHA1

2e3e96ebbb3d9bab1ecab68bf8220dafa9aa7c7b
SHA256

0f3dd1651102ede8e5701ecdf1d7dbacbcb559b9fec5115295539b18c17b6221
SHA512

8bb490ca1c7e7c74ba0aa55e86ae80522d3ac66bd135cee4875dcea39daee79a9bd9f57d7dcd9da9a5d5855612c5e6c3af8432470947c9089f2f3c8db014a1fa
SSDEEP

3072:XITVQMNnfAxP0k6w8H+9DzTHJQ/2kBu6gMlyXT0bS/vRFCrf9C3gH51DAYTaFEvt:uBnIl0k6/EKekB7pbAZFCrfBHYYTIeVn

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2344	wmic.exe
Token: SeSecurityPrivilege	2344	wmic.exe
Token: SeTakeOwnershipPrivilege	2344	wmic.exe
Token: SeLoadDriverPrivilege	2344	wmic.exe
Token: SeSystemProfilePrivilege	2344	wmic.exe
Token: SeSystemtimePrivilege	2344	wmic.exe
Token: SeProfSingleProcessPrivilege	2344	wmic.exe
Token: SeIncBasePriorityPrivilege	2344	wmic.exe
Token: SeCreatePagefilePrivilege	2344	wmic.exe
Token: SeBackupPrivilege	2344	wmic.exe
Token: SeRestorePrivilege	2344	wmic.exe
Token: SeShutdownPrivilege	2344	wmic.exe
Token: SeDebugPrivilege	2344	wmic.exe
Token: SeSystemEnvironmentPrivilege	2344	wmic.exe
Token: SeRemoteShutdownPrivilege	2344	wmic.exe
Token: SeUndockPrivilege	2344	wmic.exe
Token: SeManageVolumePrivilege	2344	wmic.exe
Token: 33	2344	wmic.exe
Token: 34	2344	wmic.exe
Token: 35	2344	wmic.exe
Token: SeIncreaseQuotaPrivilege	2344	wmic.exe
Token: SeSecurityPrivilege	2344	wmic.exe
Token: SeTakeOwnershipPrivilege	2344	wmic.exe
Token: SeLoadDriverPrivilege	2344	wmic.exe
Token: SeSystemProfilePrivilege	2344	wmic.exe
Token: SeSystemtimePrivilege	2344	wmic.exe
Token: SeProfSingleProcessPrivilege	2344	wmic.exe
Token: SeIncBasePriorityPrivilege	2344	wmic.exe
Token: SeCreatePagefilePrivilege	2344	wmic.exe
Token: SeBackupPrivilege	2344	wmic.exe
Token: SeRestorePrivilege	2344	wmic.exe
Token: SeShutdownPrivilege	2344	wmic.exe
Token: SeDebugPrivilege	2344	wmic.exe
Token: SeSystemEnvironmentPrivilege	2344	wmic.exe
Token: SeRemoteShutdownPrivilege	2344	wmic.exe
Token: SeUndockPrivilege	2344	wmic.exe
Token: SeManageVolumePrivilege	2344	wmic.exe
Token: 33	2344	wmic.exe
Token: 34	2344	wmic.exe
Token: 35	2344	wmic.exe
Token: SeIncreaseQuotaPrivilege	1676	wmic.exe
Token: SeSecurityPrivilege	1676	wmic.exe
Token: SeTakeOwnershipPrivilege	1676	wmic.exe
Token: SeLoadDriverPrivilege	1676	wmic.exe
Token: SeSystemProfilePrivilege	1676	wmic.exe
Token: SeSystemtimePrivilege	1676	wmic.exe
Token: SeProfSingleProcessPrivilege	1676	wmic.exe
Token: SeIncBasePriorityPrivilege	1676	wmic.exe
Token: SeCreatePagefilePrivilege	1676	wmic.exe
Token: SeBackupPrivilege	1676	wmic.exe
Token: SeRestorePrivilege	1676	wmic.exe
Token: SeShutdownPrivilege	1676	wmic.exe
Token: SeDebugPrivilege	1676	wmic.exe
Token: SeSystemEnvironmentPrivilege	1676	wmic.exe
Token: SeRemoteShutdownPrivilege	1676	wmic.exe
Token: SeUndockPrivilege	1676	wmic.exe
Token: SeManageVolumePrivilege	1676	wmic.exe
Token: 33	1676	wmic.exe
Token: 34	1676	wmic.exe
Token: 35	1676	wmic.exe
Token: SeIncreaseQuotaPrivilege	1676	wmic.exe
Token: SeSecurityPrivilege	1676	wmic.exe
Token: SeTakeOwnershipPrivilege	1676	wmic.exe
Token: SeLoadDriverPrivilege	1676	wmic.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1696	java.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2344	1696	java.exe	28
PID 1696 wrote to memory of 2344	1696	java.exe	28
PID 1696 wrote to memory of 2344	1696	java.exe	28
PID 1696 wrote to memory of 1676	1696	java.exe	30
PID 1696 wrote to memory of 1676	1696	java.exe	30
PID 1696 wrote to memory of 1676	1696	java.exe	30
PID 1696 wrote to memory of 1804	1696	java.exe	31
PID 1696 wrote to memory of 1804	1696	java.exe	31
PID 1696 wrote to memory of 1804	1696	java.exe	31
PID 1696 wrote to memory of 2276	1696	java.exe	32
PID 1696 wrote to memory of 2276	1696	java.exe	32
PID 1696 wrote to memory of 2276	1696	java.exe	32

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\0f3dd1651102ede8e5701ecdf1d7dbacbcb559b9fec5115295539b18c17b6221.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\System32\Wbem\wmic.exe
  wmic CPU get ProcessorId
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2344
- C:\Windows\System32\Wbem\wmic.exe
  wmic bios get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1676
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get name
  2⤵
  PID:1804
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-4-0x00000000020F0000-0x00000000050F0000-memory.dmp

Filesize
48.0MB

Download
memory/1696-10-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1696-12-0x00000000020F0000-0x00000000050F0000-memory.dmp

Filesize
48.0MB

Download
memory/1696-19-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1696-39-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1696-48-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1696-49-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads