d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4

Analysis

max time kernel
14s
max time network
15s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 05:48

Target

d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4.jar
Size

347KB
MD5

21635c271b7446b7e86bb3b447bb91d5
SHA1

959da0fb174a8e4db238d08a3f5076a2f43c0f25
SHA256

d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4
SHA512

6b4bb9d3aac718198413704c908715a360030dfffe2b0a0d701b1e6ee492d996864c62601b24abe9968af7e486a8bfdd1adc488d615f4d56b43a5eac670371db
SSDEEP

6144:CL5PakRJyjlhPPLh8+CnL0F0uPKwp1F18cy3PQd74MWM2BGzPZtfJKoCK8eaFDrC:CL5akRJklhHLnDvf1F18hc74w26PVKdw

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2884	regsvr32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2884	regsvr32.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2700	2480	java.exe	29
PID 2480 wrote to memory of 2700	2480	java.exe	29
PID 2480 wrote to memory of 2700	2480	java.exe	29
PID 2480 wrote to memory of 2700	2480	java.exe	29
PID 2480 wrote to memory of 2700	2480	java.exe	29
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30
PID 2700 wrote to memory of 2884	2700	regsvr32.exe	30

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\\163520.png
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\\163520.png
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2884

C:\Users\Admin\AppData\Local\Temp\163520.png

Filesize
478KB

MD5
8cca982603318de80b079f064ffbe5f1

SHA1
98f371d5bb067d6b7df902b10957fb01ca711468

SHA256
7b1c5147c903892f8888f91c98097c89e419ddcc89958a33e294e6dd192b6d4e

SHA512
d01830992fa6779a38c1d913af41dcf88d8b77d70ee299e4a002ba756d20a5d61ce5364240022a4bbcd44072b59a5000d96c5ce361f0cc7f12b1b077102a4c92

Download Submit
memory/2480-9-0x00000000020F0000-0x00000000050F0000-memory.dmp

Filesize
48.0MB

Download
memory/2480-12-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2884-15-0x0000000000250000-0x0000000000285000-memory.dmp

Filesize
212KB

Download
memory/2884-16-0x0000000000250000-0x0000000000285000-memory.dmp

Filesize
212KB

Download