ce546725ff88659bf851de96f510ca5768c1e0f02eb25bdab6785b554bcee662

Analysis

max time kernel
110s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

105/105.exe
Size

18.3MB
MD5

3ad1d296b16ea126a957792ab1309627
SHA1

1eafb71597a069cbe60f8c9643dbfaea85350fb6
SHA256

0c9c3e0b90168c3b0c6e19e86debb614aaad8a97e8db0e0e5933d2b387e5b12c
SHA512

f76b6581d633a36e98ecdd98317fac5736e729448b515414ae0f45192cb5273a41cdb19c7badba2c0e9581eb60b6d1f38d363f89a73f7197c13fa5e70d84432b
SSDEEP

393216:+00cFnANxacJAg6ZElIlTFGw0CKM8FZPG6IOyS/Uv/PhHv:+1cFnaXOZ8ITFGCkFOe0P

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 3292	1816	105.exe	84
PID 1816 wrote to memory of 3292	1816	105.exe	84
PID 1816 wrote to memory of 3292	1816	105.exe	84
PID 1816 wrote to memory of 2268	1816	105.exe	85
PID 1816 wrote to memory of 2268	1816	105.exe	85
PID 1816 wrote to memory of 2268	1816	105.exe	85

C:\Users\Admin\AppData\Local\Temp\105\105.exe
"C:\Users\Admin\AppData\Local\Temp\105\105.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Users\Admin\AppData\Local\Temp\105\Addons\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\105\Addons\bin\javaw.exe" -version
  2⤵
  PID:3292
- C:\Users\Admin\AppData\Local\Temp\105\Addons\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\105\Addons\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\105\105.exe"
  2⤵
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\494c679954cfa059.timestamp

Filesize
61B

MD5
ccc88239215d2941d6ca7943d64c01a2

SHA1
f9081517402a90141ebc369cf8f43fea5dabb1c6

SHA256
4fea2d705c034b60f19294efe094bf10b446ee2b4e78ffdfa18872415b2201d2

SHA512
783e4558a31dd0cc7ff1d7b04f5cb24431e8e2eb1cb08a856fadeeb462bad9f9e505da9ff61867656f8b042c97fa2d2ed96084d48ec7cb9524861544c0bb06fc

Download Submit
memory/1816-30-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1816-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2268-55-0x00000000023D0000-0x00000000043D0000-memory.dmp

Filesize
32.0MB

Download
memory/2268-70-0x0000000002478000-0x0000000002480000-memory.dmp

Filesize
32KB

Download
memory/2268-74-0x00000000023D0000-0x00000000043D0000-memory.dmp

Filesize
32.0MB

Download
memory/2268-42-0x00000000023D0000-0x00000000043D0000-memory.dmp

Filesize
32.0MB

Download
memory/2268-73-0x00000000023D0000-0x00000000043D0000-memory.dmp

Filesize
32.0MB

Download
memory/2268-72-0x0000000002480000-0x0000000002488000-memory.dmp

Filesize
32KB

Download
memory/2268-62-0x00000000023D0000-0x00000000043D0000-memory.dmp

Filesize
32.0MB

Download
memory/2268-64-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/2268-68-0x0000000002470000-0x0000000002478000-memory.dmp

Filesize
32KB

Download
memory/2268-69-0x0000000002410000-0x0000000002418000-memory.dmp

Filesize
32KB

Download
memory/2268-71-0x00000000023D0000-0x00000000043D0000-memory.dmp

Filesize
32.0MB

Download
memory/3292-27-0x00000000024D0000-0x00000000044D0000-memory.dmp

Filesize
32.0MB

Download
memory/3292-10-0x00000000024D0000-0x00000000044D0000-memory.dmp

Filesize
32.0MB

Download
memory/3292-11-0x00000000024D0000-0x00000000044D0000-memory.dmp

Filesize
32.0MB

Download
memory/3292-21-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads