1fef89523cbb77aaa80a8abc968807e67a3891cae279d80bfe1722dd6f632957

Analysis

max time kernel
1783s
max time network
1708s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Darkness.jar
Size

10.0MB
MD5

889b06b5f00dfce6b9c31d249c665029
SHA1

be17fd10a39721523f21345c54b8148d0a5ddd27
SHA256

1fef89523cbb77aaa80a8abc968807e67a3891cae279d80bfe1722dd6f632957
SHA512

04564c0c09ea8ee563ba85b5c24b64ace4f32e37bc10920293cb169d9e13d27e3b07d9d55db720645f177016dd24971b62d0233c0bb06fca9b7806ef05a16a9a
SSDEEP

196608:y2+/sLJnDkqs39j8JoahXb7js0xD4SIaPqvCAwO:y2+/QJnIqs3xYocL7ArLF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2532	3020	chrome.exe	30
PID 3020 wrote to memory of 2532	3020	chrome.exe	30
PID 3020 wrote to memory of 2532	3020	chrome.exe	30
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2536	3020	chrome.exe	32
PID 3020 wrote to memory of 2416	3020	chrome.exe	33
PID 3020 wrote to memory of 2416	3020	chrome.exe	33
PID 3020 wrote to memory of 2416	3020	chrome.exe	33
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34
PID 3020 wrote to memory of 2448	3020	chrome.exe	34

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Darkness.jar
1⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c49758,0x7fef6c49768,0x7fef6c49778
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1272 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 --field-trial-handle=1372,i,2894699007212112208,16115585996449514194,131072 /prefetch:8
  2⤵
  PID:1792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
91df68a5b4b1ec7297c50bcb6a51d945

SHA1
24c2add4a9fe8568de497632fee5841ce7fba667

SHA256
1f8bd229113c775ed80f794467a98252d01469a93eb2fa43c1a51534a80d79e3

SHA512
121678bac082357e8d8c9b54755228163affb67d8621e4f1ca34ec72322391f503c200e1b27d1f7d1c4e8242ab534f7af9ae4cbacaada90840a491456b767c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
9f91fe40eec130da9b26f8863a620ae8

SHA1
188aca1b28b3cd7138791f71c89f87b66cc6d86a

SHA256
8ac387422808f45294c8ee534c31c2cf9bd5ded4d892c1bb8823f6154bd249e6

SHA512
e23528376cbcab79f05533cea142f6090e9e569f40a04575f9ed8be4d0265dd4dabf3dc859a2ccc77d1da67da47bc39f00aeaf80505c377891c6ef54e28a22b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c3c4a0083dba3709d0c567e22bc252c

SHA1
5e45fbe17bae79cad2121b466b1cf405a1ba9c01

SHA256
54517b0a1fd2ceea538b91f78c677723e22d15e2354161df8eaa33525f4e48fa

SHA512
8276c53a78d2332f16cbc92ac6014412104e0f897d9d76fec4f9755b600bd64f202a86c9a8ca0d86990a4f35639ba97cd2af1a9afa5ab8e86538c64578046368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
61ed653b967d7fca9a0b0621c26ba078

SHA1
b25ed03cc6c452a54688db58bcf1ce069648af99

SHA256
1fb65f94d51ee06f267797f53196344246f4616eba3482ec3f4531140cac54bf

SHA512
56c5875a08a86354801ec3a61ca58f25c416f79b494b7c7c180ed88f1a11b24817f99e09c1b3639031d2aa9e3ac38fb22ef70ac696b4c1b3a319e04231b5ad84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7f8cfbe3f745737886ed9e0a5e05bf48

SHA1
f761412b079fe32da01926fefa00c4ef5e0365ed

SHA256
ac6cc370153dc5369370c25a8584129fff4cb38d42963da11eba8cac401cd869

SHA512
e1bd6a4c0b31ce449003d7a5c8e43f0404c5f1ca45d1afad7c2ae9e87f7f275b2150842f057e47d58d3d28fd8f79438a801da84aec8c4ea213c911e9ac12a9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/2080-3-0x00000000024C0000-0x00000000054C0000-memory.dmp

Filesize
48.0MB

Download