Overview

overview

7

Static

static

3

tuxguitar.exe

windows7-x64

1

tuxguitar.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tuxguitar.exe

  • Size

    1.5MB

  • MD5

    541b7d3c9b6135357d2c15a22e98c307

  • SHA1

    487ee70a26570e66b8fe09da636d96ca3fdadd22

  • SHA256

    ccb9e8d565d863c539a682af729cdc9a022633a9d43c3e529cf7634030e945c8

  • SHA512

    2917b565aeabb2d34696a35282dab3bdeab25c3f3172d6f7ed8dcb6d0961bee7b106462e75f8ef61a4103bb18880f6bb10464f74640a8a6b2528d51461d79f32

  • SSDEEP

    24576:8CA7haT/l4n5ROEcMKm9QFl0vZNKuDyXGY0bU+gOcsCuT8qhL+2:XT/l4nSeek1dgOcsC3qNx

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tuxguitar.exe
    "C:\Users\Admin\AppData\Local\Temp\tuxguitar.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3560
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Djava.library.path=lib -Dtuxguitar.home.path=. -Dtuxguitar.share.path=share -classpath "C:\Users\Admin\AppData\Local\Temp\tuxguitar.exe;.\share;.\dist" org.herac.tuxguitar.app.TGMainSingleton
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5104
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:4932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    ae6a9aa47b7a6e016f1ec0b0fc4c52e2

    SHA1

    b9a570e0bde7379facd92ac169cdcb83e543a355

    SHA256

    b78bbf150be2fabaccee248efa0e44ce8a10eff8ea139246a10818b8b4f6f156

    SHA512

    075884144f497fb8186bf703fb88e025ed58ca559b7f0ad8d43ad7b4611e27aeb7ea04c0d9f262065150a5d29c5869130df6ce8890214f064779fd3970b45a41

    Download Submit

  • memory/3560-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/5104-5-0x0000025347550000-0x0000025348550000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5104-15-0x0000025347530000-0x0000025347531000-memory.dmp

    Filesize

    4KB

    Download