669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 05:29

Target

669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333.jar
Size

622KB
MD5

efd645a5c1c5a8ebfee8f1cb2a139920
SHA1

58e80fdbabec6c26ba09d7c34ee075b0be6017c2
SHA256

669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333
SHA512

c886dd8b5a8de9ea791c62e3caaf439387f051214b58085e5037e3eec59a17ee0225f31c12c0737a1b721c98d314dcbfc935ef683e89391f1cbc3d4770d9e709
SSDEEP

12288:y2/TdQOo5CKAGqMJIBKGUuR8PALJj28/VSVjMkbdMY02C+HLzqE:yo5MJ/GhRrLJj28NSVjjbA2hf

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2828	2156	java.exe	29
PID 2156 wrote to memory of 2828	2156	java.exe	29
PID 2156 wrote to memory of 2828	2156	java.exe	29
PID 2828 wrote to memory of 2724	2828	wscript.exe	30
PID 2828 wrote to memory of 2724	2828	wscript.exe	30
PID 2828 wrote to memory of 2724	2828	wscript.exe	30

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\ekmvqyemaq.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\tpsgpdau.txt"
    3⤵
    PID:2724

C:\Users\Admin\AppData\Roaming\tpsgpdau.txt

Filesize
473KB

MD5
219a01e09cd1edb7141255ab597b3b5a

SHA1
d4bb90ac587bbe9e1f9d4e73823575d94d6785a5

SHA256
01c654ad8189e58c33075ca7b995720f1f5b2c8d49b0ce2ac82d323ff40340b1

SHA512
290d72bcfec99ce958d66830ca08a1a41eec0a378249fa421ecd2dc7af073ae85dd7554816f6152b58f6854dcba8f92875bf51d346a0906fdd1b742773c4cb89

Download Submit
C:\Users\Admin\ekmvqyemaq.js

Filesize
941KB

MD5
da53c75c1c309bb790049f22ca7e6115

SHA1
49695a4b21037c34843b6b3c8dea763bac57450a

SHA256
105b9aa94fc7e20214f0423342d860452bf912b51b3b6ed43804affe0c8e23b7

SHA512
4ce6a408490127773f46b89633b474d612065063511f8f07b411ede5ba8b40e19518033e083fc919b708a24c4224581fe37db4e17dcc5fb862a2f7b98c2a82e8

Download Submit
memory/2156-6-0x0000000002700000-0x0000000005700000-memory.dmp

Filesize
48.0MB

Download
memory/2156-10-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2156-13-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2724-26-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2724-28-0x00000000024F0000-0x00000000054F0000-memory.dmp

Filesize
48.0MB

Download
memory/2724-29-0x00000000024F0000-0x00000000054F0000-memory.dmp

Filesize
48.0MB

Download