Overview

overview

4

Static

static

1

JavaSetup8u391.exe

windows11-21h2-x64

4

Analysis

  • max time kernel
    115s
  • max time network
    112s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05-01-2024 23:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JavaSetup8u391.exe

  • Size

    2.2MB

  • MD5

    029ae246a9b5fd436a1b979e5f4aa54f

  • SHA1

    4ab915f93bc2ea46eda2fcfbf037b956099ada45

  • SHA256

    71d4b153af014ac81576fb91bb97ef6c4640f0486f98c2e4c9bb15b87fb9df58

  • SHA512

    6c3140c1d8dca2be8ad8eb6360318a8cef78e4f31fbee635f0870e0d2bb0f1679948da3b98af1282fe8d586f9f7c3d3a82016f522a1d1447b1e59158146caf31

  • SSDEEP

    49152:XKU/ESvdaU+c0/IVes7kJXBjYOMjUfkptVxOdxiyh:XKU/xvzg/IVeMjUu5C

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JavaSetup8u391.exe
    "C:\Users\Admin\AppData\Local\Temp\JavaSetup8u391.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\jds240605140.tmp\JavaSetup8u391.exe
      "C:\Users\Admin\AppData\Local\Temp\jds240605140.tmp\JavaSetup8u391.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4132
  • C:\Windows\SysWOW64\werfault.exe
    werfault.exe /h /shared Global\ebff05108cc340678efcadb6f8e71dc0 /t 1432 /p 4132
    1⤵
      PID:2204

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\jds240605140.tmp\JavaSetup8u391.exe
      Filesize

      92KB

      MD5

      af4467f0c2486f9064ea945b1f2ed013

      SHA1

      db5cc099418f66153b0e267d9e80e94b9d3e9a44

      SHA256

      ba5cb3a0a3b92e0a25d5e407754a03d7383c7599dd5c224f27b46742a787c64e

      SHA512

      b235491d6b47c241a5f1e213cdf8b33818d263b835c84863170f1b30a0a8a69dcd82e46d03a1d96f6f1a1a6de08ddb33033dfb6f5a1055e57bbc191a1255fa78

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\jusched.log
      Filesize

      183KB

      MD5

      4d1bb79976fee276ee600948475e0830

      SHA1

      4b478fcb3509529f7db838089d894b67a5f3d0ec

      SHA256

      902ae9b6a2aaab2bdd2b98a566b41ad52521936dc67844ec93dddad128b3d398

      SHA512

      b9d2a4e5beb0fceb46e6941cf2adadb539c8e4268dd210b494e2f8b848ef3e582f471db181b795434a82f8a52c3222a14a9b33125da7cc0572f9d23bbf6132dc

      Download Submit