0150757960d76e297a94bb74b649de791162de8937726072a2b16f14cbbd48f0

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1710149878178plugin_5810933828966654232_ot5QiEdAa0DAZ8_1710149878178.jar
Size

11KB
MD5

b28ee3998367e05178e19d5ff534ca8e
SHA1

be92380f22e51df968ea926012e18fac8ce78a99
SHA256

6caa6240c59193057f92802052d60736b41c66428c4902f8b72bc241a6fe1af1
SHA512

80239f45e933cdf9b1ec4935f2c98e0eb7938c1d52c9fe240ed776abc1f8a44f1f1abdf5ea8b4adcb857a96b2dd9c0db41c7a9a1d52e8e7a0ca6bdcd0a88e152
SSDEEP

192:8m0LydBfF2ul4+FXfNYCFn/J9FSL5TjsM9SZ5+:wyd5lvNTF/3AV39

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3032	1936	java.exe	29
PID 1936 wrote to memory of 3032	1936	java.exe	29
PID 1936 wrote to memory of 3032	1936	java.exe	29

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\1710149878178plugin_5810933828966654232_ot5QiEdAa0DAZ8_1710149878178.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files\Java\jre7\bin\java.exe
  "C:\Program Files\Java\jre7\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\~spawn4136443910887576264.tmp.dir gyzfoOfTzt.Payload
  2⤵
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~spawn4136443910887576264.tmp.dir\gyzfoOfTzt.dat

Filesize
76B

MD5
ba325c383c2b2643d3fca24445683d48

SHA1
6088522ea3e0eaa1eab8f4cc1c38c80dd0cdb841

SHA256
cd6bb50c23078fd399d4b87a034ada801819daf4d6b8b7b60a01069378a19836

SHA512
63472f3fddf32f8a3bdcd52677e0870505802b677679495392c72c24faf3d455f13bb753b2b5218c895bf95f7d8e44591e48e4c74be62989241c53ae3eabf3b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~spawn4136443910887576264.tmp.dir\gyzfoOfTzt\Payload.class

Filesize
8KB

MD5
5cfb25f4f15cf432ce1c3bea5a6c9756

SHA1
433932ecac70768762ec16f55773975e9d0f492d

SHA256
cbe9a380e440d3b35f2d32ce7782582276a5437ec97c23dccd6deb901e4e56d5

SHA512
56d33f8906373fcda14461bedcaa06ae62a4f3396f650a4aa246c673e56311e4c7049cf578c183af3b45b8cc0ac69c5f72c10a75e7b8b01589966b454e31b7cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-406356229-2805545415-1236085040-1000\83aa4cc77f591dfc2374580bbd95f6ba_4c23b8b8-1f37-4b25-86d9-da21829a4de6

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
memory/1936-6-0x0000000002230000-0x0000000005230000-memory.dmp

Filesize
48.0MB

Download
memory/1936-19-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1936-29-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3032-27-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/3032-30-0x0000000002290000-0x0000000005290000-memory.dmp

Filesize
48.0MB

Download
memory/3032-32-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads