Analysis
-
max time kernel
0s -
max time network
4s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system -
submitted
23-03-2024 17:53
Static task
static1
Behavioral task
behavioral1
Sample
JDownloaderSetup.exe
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
JDownloaderSetup.exe
Resource
win10v2004-20240319-en
Behavioral task
behavioral3
Sample
JDownloaderSetup.exe
Resource
win11-20240221-en
General
-
Target
JDownloaderSetup.exe
-
Size
30.3MB
-
MD5
c3c3b50075bd5c87cf500c255dd833fd
-
SHA1
0b3593f15ebc8424919857d08d016b2cda2b5161
-
SHA256
a43fa3db0a053119f73a7422453e54318a258a947e8c0fda294b09c52b7459fc
-
SHA512
f9bd8c26a63b3d7cf6d6f0686a93720f9d3007ae2f196bf195815761b5a38f9fb81f2de6400abd842cc634ab68a14db6741436295a0d667e0b51099dbaf13c9d
-
SSDEEP
786432:w+gAvXxM03iJzr2tqG533+iRdJEozAw5P0r:w+tG0SJuJpOdoh90r
Malware Config
Signatures
-
Loads dropped DLL (1 IoC)
Processes:
JDownloaderSetup.exe — pid: 408, process: JDownloaderSetup.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OCommonResources.dll
Filesize 640KB
MD5 d2bb87dca1a656b8f9b9e4f1a69f3a30
SHA1 cbce642376eab5e39a8ec2055d96066342eb58a7
SHA256 51bd7708d95481501aca1a8e7d76322bc6347574845e8b612dc43388c5198f2f
SHA512 cc3967cefc3a8c377db47b3c6c1d83de57ead83db29f6ab9d0bc966abf4066f5f00f022b87d7dff387c1b8c58c4e80577d307adc217dc259c5aebd819b1e81f6
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OCommonResources.dll
Filesize 274KB
MD5 11af151e5600e14ef7ee91cf700ebbf2
SHA1 73ca59110824c88a4021be9fa3b864c86f7f401d
SHA256 0fdf766b873832cf6f02b10cc8987e87919edc62963b37996351f6ae77363e2c
SHA512 b27ee55b71f1f711d19ac79db398e102bf1fb759334c430fafa9fdf171004966041f590cc903eac5d73eabe0488b026011cc6522be75be07a4c781293041f4ae
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OCommonResources.dll
Filesize 613KB
MD5 2283965f485bd8cc509c07d28d7d4be7
SHA1 cad18e6a763ff5173d698f59fbfe15db4ebbba21
SHA256 3c89757db913ed50d59ad9261ff2447bba5cdfde34fbf56b021948d490b5581d
SHA512 aa9e0f5b34cce9d9abded6f52b523905f101a5cbb48231b202635d246f1314c5328700c84dfd3b480f7e6a14b2fe9e864c0b2ebe7f63dec12a5e44d3c7618198
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2ODAL.dll
Filesize 17KB
MD5 4f54b457229815dfa6174eecb2cd639b
SHA1 401d38258e91c9c3a8d5a5ac5cbc6b2e861301de
SHA256 7d3013499d2ec43a6b377ae7ab563248ebcfc09a8f0e4a6bd6a0043292010873
SHA512 fb4373b8f6dd5acc88c3cbb10116f394b5ce7bec078ed04da633c620b0e84ac6cfbfc03ad18b335ceb7e43adfc36e0c7eb19920788fa117f6f0d366e0ccb5ffb
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OModels.dll
Filesize 78KB
MD5 7a4ddb62db0d21cea4ab724e4ad732fd
SHA1 4cdbfac30ac141b6db788c4e4a9eed680ba5ad21
SHA256 41547db61fc5e43e0557ceb44670cbc40ea373feb9e7808fa357fded36d7748d
SHA512 523fe5f4729b06942c252db908d01c48261ce7224995e4d361f4084321893459850aef8ddd18a25474d3685fdf512dfe2f583c0fb749861cf744df1cc46cf440
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OResources.dll
Filesize 20KB
MD5 cfb06ff92b4bbbb61eb9fea6b9a866ee
SHA1 5998200da6c043a82d3f7b37e4770bad80f2787e
SHA256 da79b3c64ddf384b3d6c1864c3dd3bad1973f53db14db6623e360e41156ab796
SHA512 58197170fad4d931cf3f55b376d1c14d8c86a28a86c7141a0b1faf34025928a28444617565b0924250f6193104cd1b02501ec0ae438083336624fa3d41585525
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OServices.dll
Filesize 168KB
MD5 45631ab991cd733c675a5d0abcea00e8
SHA1 acad2f57465173b823541c05588f018559dcf2e7
SHA256 21a2bb14ce7a73a1ab28f0178e9c9a3a8add4d893a3934b465f812d8d541155c
SHA512 5262134ec99aae19f339d8fa814b583f6f407a84d1edfc6844b06f1907b32ccf29a878adc171392b6d7b49d788aa5c0de7b667be65bc950d86ea1be04184b0e8
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OUtilities.dll
Filesize 125KB
MD5 e0ffb8f465efc031de785b841564b1fd
SHA1 ad8a16e081032d4523ea3e84429f07e3aaf7feef
SHA256 1da093c90f1ef01776b506b151ea2b525155344a337b057d1c04665ce1d12de1
SHA512 6fa34f9b1e76fd18f3d136d55cf2f2d652756831fbb67db7d4cc2224892483a6b621e7bb4c925db43ab8e999727ed9dda37360358628adb904d4979456b153ac
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OViewModels.dll
Filesize 9KB
MD5 74d840d8263deaa875ce9bf40861625d
SHA1 876d6d704e61856f7a4625d13e23254d42383464
SHA256 cd201abf119a063673da03e9fe81e4157031993d3f6776ef0afe9c070600d242
SHA512 a350612516b364a6f1eed2ea4289b1c68d4aee9e4160811f4537e270307e8e25c0ddfdaba9725913a5dd6fb179483247bad4f4c6cb19db2cca8b2da356854bd3
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\HtmlAgilityPack.dll
Filesize 154KB
MD5 17220f65bd242b6a491423d5bb7940c1
SHA1 a33fabf2b788e80f0f7f84524fe3ed9b797be7ad
SHA256 23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f
SHA512 bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\MyDownloader.Core.dll
Filesize 56KB
MD5 f931e960cc4ed0d2f392376525ff44db
SHA1 1895aaa8f5b8314d8a4c5938d1405775d3837109
SHA256 1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870
SHA512 7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Newtonsoft.Json.dll
Filesize 541KB
MD5 9de86cdf74a30602d6baa7affc8c4a0f
SHA1 9c79b6fbf85b8b87dd781b20fc38ba2ac0664143
SHA256 56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583
SHA512 dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Ninject.dll
Filesize 133KB
MD5 8db691813a26e7d0f1db5e2f4d0d05e3
SHA1 7c7a33553dd0b50b78bf0ca6974c77088da253eb
SHA256 3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701
SHA512 d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\OfferSDK.dll
Filesize 177KB
MD5 dc6d53b383ae4a1389ec23e676afb866
SHA1 0bf4672988a05e292b99000ba5bcc805c1b16d0b
SHA256 49ee3c4bd541bb0f930ca8743aa72063b182db59548254354b0ccc5276295826
SHA512 8f4af4f5384a541e32a27e4489aeb75bd8d9002486ceb281acd62e592f9a3494d85622293b98d7bb5da9cf9f5803873db2bfe2431bfe7f6c9a516c091089367c
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\SciterWrapper.dll
Filesize 139KB
MD5 f9ccf333b9891dcc26c780593f706227
SHA1 159e902ef413c6a7e2a668913c3a7c52ff4833da
SHA256 ec5c5e6dabbf9a9cfeef6bb6c5e842c3ee0d5906224b7c30610f736a791ae3dc
SHA512 94214410d1b9ff7782abb6efce794ce3f51af2512686055a27dd5875bf34c7b1610ae5fef60f197c8c46259d930eb17ebd887f7b92b01f1182ca266735e1af7e
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\ServiceHide.Net.dll
Filesize 101KB
MD5 f534c11d6a35477b069e3fe23b004394
SHA1 1e13a0cbbfd33ee4174f2289c9549967c2a28ad2
SHA256 28dd9b9fc9d950fc9c5d27bcdb78aa76803ca7aa8dae8311f8e51700b9bb3e21
SHA512 b64bcd1796396a4e443a2199ac8d294b6492798dd2c56d067705a673661d8bc7b3b4337cea9000bbc188c9b82969ebfce412af1d071315228f6a50c2dfe915dd
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\ServiceHide.dll
Filesize 153KB
MD5 ceb35d7cf1620eb138a71c23059ff910
SHA1 6c1ebbfbbc30c8fc02c9742131115d4f760d2ee8
SHA256 b551b3066022b08e7da70e9bd191e691f8a26628633bd8524837319201ebd0e9
SHA512 dc8847c712f0071ec1d3982e05eb5d79cad22484b8e9e1c3c644607fb8d3f08b00b9b94aaadd84d3bed8e802c677df5a090e08589fef8c3fc246a5cb3ee2d813
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\msvcp140.dll
Filesize 426KB
MD5 8ff1898897f3f4391803c7253366a87b
SHA1 9bdbeed8f75a892b6b630ef9e634667f4c620fa0
SHA256 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
SHA512 cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\sciter32.dll
Filesize 330KB
MD5 e2100a577fffd48b58181853d76beffb
SHA1 ac28d12958133fb17ddbb5756bc661e3d3e4c63c
SHA256 acfe0b50a6b3853690e97970d888fe373d37cdfcff21c2977b95c7c148aab692
SHA512 de5eecd7f86761bb848c45c4c703713b0ef852626e8fbab5464dde2d412ac6c9e130fcdfa27caa5a44ac35b21546ffbc22f31e744a7e5a85944a6071ff7aba8a
-
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\vcruntime140.dll
Filesize 74KB
MD5 1a84957b6e681fca057160cd04e26b27
SHA1 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe
SHA256 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
SHA512 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa
-
memory/408-39-0x0000000007490000-0x00000000074BA000-memory.dmp
Filesize 168KB
-
memory/408-136-0x0000000008260000-0x00000000082EC000-memory.dmp
Filesize 560KB
-
memory/408-97-0x0000000007600000-0x000000000761D000-memory.dmp
Filesize 116KB
-
memory/408-71-0x0000000007590000-0x00000000075B6000-memory.dmp
Filesize 152KB
-
memory/408-87-0x0000000007630000-0x000000000765C000-memory.dmp
Filesize 176KB
-
memory/408-63-0x0000000007560000-0x0000000007590000-memory.dmp
Filesize 192KB
-
memory/408-55-0x0000000007510000-0x000000000752A000-memory.dmp
Filesize 104KB
-
memory/408-47-0x00000000074C0000-0x00000000074E8000-memory.dmp
Filesize 160KB
-
memory/408-31-0x0000000007450000-0x0000000007458000-memory.dmp
Filesize 32KB
-
memory/408-23-0x0000000007020000-0x0000000007052000-memory.dmp
Filesize 200KB
-
memory/408-2-0x0000000007060000-0x0000000007070000-memory.dmp
Filesize 64KB
-
memory/408-113-0x0000000007BA0000-0x0000000007BB2000-memory.dmp
Filesize 72KB
-
memory/408-141-0x000000000CC80000-0x000000000E84C000-memory.dmp
Filesize 27.8MB
-
memory/408-142-0x00000000081E0000-0x0000000008202000-memory.dmp
Filesize 136KB
-
memory/408-143-0x000000000E850000-0x000000000EBA7000-memory.dmp
Filesize 3.3MB
-
memory/408-4-0x00000000047F0000-0x00000000047F8000-memory.dmp
Filesize 32KB
-
memory/408-149-0x000000000A7B0000-0x000000000A7BC000-memory.dmp
Filesize 48KB
-
memory/408-152-0x000000000F160000-0x000000000F706000-memory.dmp
Filesize 5.6MB
-
memory/408-79-0x0000000007500000-0x000000000750A000-memory.dmp
Filesize 40KB
-
memory/408-3-0x0000000007070000-0x0000000007454000-memory.dmp
Filesize 3.9MB
-
memory/408-158-0x000000000FCD0000-0x0000000010284000-memory.dmp
Filesize 5.7MB
-
memory/408-168-0x000000000EDB0000-0x000000000EE42000-memory.dmp
Filesize 584KB
-
memory/408-1-0x0000000000640000-0x000000000248E000-memory.dmp
Filesize 30.3MB
-
memory/408-0-0x00000000746E0000-0x0000000074E91000-memory.dmp
Filesize 7.7MB