42fab8d9b5b5b227ea2395002b442255f7908544385e90632abb1ec094e9946d

Analysis

max time kernel
1200s
max time network
1171s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
15-04-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre-8u401-windows-x64.exe
Size

64.4MB
MD5

af1d24091758f1e02d51dc5f5297c932
SHA1

dc3f98dded6c1f1e363db6752c512e01ac9433f3
SHA256

e52a8d0337bae656b01cb76c03975ac3d75ac4984c028ba2a6531396dea6dddd
SHA512

8d4264a6b17f7bbfd533b11ec30d7754a960a9f2fbef10c9977b620051c5538d8eb6080ea78e070904c7c52a6ce998736fad2037f6389ad4c5c0ce3f1d09e756
SSDEEP

1572864:v7p5VFBCjL4FwlRN2Adn3aQrJlPVYIcBO7:vGTW63aEiIcBS

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1260	jre-8u401-windows-x64.exe
3708	jre-8u401-windows-x64.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1260	jre-8u401-windows-x64.exe
1260	jre-8u401-windows-x64.exe
3708	jre-8u401-windows-x64.exe
920	105.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 1260	4384	jre-8u401-windows-x64.exe	81
PID 4384 wrote to memory of 1260	4384	jre-8u401-windows-x64.exe	81
PID 1372 wrote to memory of 3708	1372	jre-8u401-windows-x64.exe	87
PID 1372 wrote to memory of 3708	1372	jre-8u401-windows-x64.exe	87

C:\Users\Admin\AppData\Local\Temp\jre-8u401-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u401-windows-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Users\Admin\AppData\Local\Temp\jds240607750.tmp\jre-8u401-windows-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240607750.tmp\jre-8u401-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1260

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\jre-8u401-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u401-windows-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Users\Admin\AppData\Local\Temp\jds240774343.tmp\jre-8u401-windows-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240774343.tmp\jre-8u401-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3708

C:\Users\Admin\AppData\Local\Temp\105.exe
"C:\Users\Admin\AppData\Local\Temp\105.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jds240607750.tmp\jre-8u401-windows-x64.exe

Filesize
64.0MB

MD5
96d622d62567def49ad8999324a66709

SHA1
5a4749631631d97e9db816f5cca2392e69d0b7d9

SHA256
953b06705f72bfffac774c41ceb359fe1d3f8a0c5d6a44f93597ce9c39399994

SHA512
c2d350895f47c5164138d2e3befbeb0acda8097a7904a28d9ad9db70ea0aabb3ec54a476dcb2746a41308fb79616d810305c53f7e23a4856a3f9eb656896de0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
157KB

MD5
dda123744a0f906b37937e9e502d3604

SHA1
f606a09c5863ab3356cd304b37acba5f198a5a68

SHA256
8f8f0007414ef9f8f2e031d93bde95ab1e507a082b9205712ef38c73281555aa

SHA512
4a67ef330bd128861e7fcb22f038f60f82a5eaeb0497f58e8e6a62e12b403fd49f5ac7191c15705b3ee2a87fad0641b4d7de4e85f4d4c772162058949107ca3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
176KB

MD5
1872fbf233cae047fd5387663b366ac5

SHA1
70bd17346e9070b73783dcd9afeb77d5ceb0689b

SHA256
f6d88282ec656adab9434f188c8e26806eaff35af96011d35a524c8dc038eb66

SHA512
a3278de231c78ba8f9226d88a5c0164b2042b8f1ff6ddf7eba8fa3e81d714cef8313cb297c6f79c03f791b9c1d8eaaa196950e533d9f8e8e2dda2f6e04f60972

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
191KB

MD5
a73255183147b65931fa10857e9d7c9e

SHA1
f0ed7e74548f12d52f872531010c12a00bc298ec

SHA256
26dbbddfa1b3051075fb01c08a5c3c163683a1c5d01479415eda37e1056a4f2b

SHA512
32c19a51ca85b661b9413bdce8e4f30802eda1856a6aabaae9e05ee4d58a54ce48177eadf74ffb31d53db6a526708927cf0cb8fffcdf095354fb8c5329afa347

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
192KB

MD5
ffdba56cc1d599d286b113bd871af671

SHA1
6762cc4d360826d1b7ea945bc07ef1c4ef901f58

SHA256
b1c40171060ddf937c2fede41244aaaedade7d1770d1ba833fe394740a28956e

SHA512
17255259ec5f1effda1c846edbd5a12ef31f7c911ae94ecfb145875d3043fb0a5e4ecb7d7a5edb4f26151898fe0e79d60fafd9ed25c51020f889bb61c3bd145c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
154KB

MD5
82aa98fd77600fa90946faf12fc39241

SHA1
73e78bebc4b898c787561d2b826344094146b192

SHA256
30d8e27df2240eb2cecd6c866d6d1edca4b26594e313dee15cc9f651ba2cdaea

SHA512
52dce8492778f37056ebc7734853dbac17239256628add326a6560f11ee83a0431c17d8f3b0e177f8570c38d0a86a965242189996a876d51be67bb4326263c8b

Download Submit
memory/920-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads