Overview
Analysis

  max time kernel:  118s
  max time network: 119s
  platform:         windows7_x64
  resource:         win7-20240221-en
  resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted:        20-04-2024 21:58
Tasks

  Static task      static1

  Behavioral task  behavioral1
    Sample:   Hael9-1.8.6/gradle/wrapper/gradle-wrapper.jar
    Resource: win7-20240221-en

  Behavioral task  behavioral2
    Sample:   Hael9-1.8.6/gradle/wrapper/gradle-wrapper.jar
    Resource: win10v2004-20240412-en

  Behavioral task  behavioral3
    Sample:   Hael9-1.8.6/gradlew
    Resource: ubuntu1804-amd64-20240226-en

  Behavioral task  behavioral4
    Sample:   Hael9-1.8.6/gradlew
    Resource: debian9-armhf-20240226-en

  Behavioral task  behavioral5
    Sample:   Hael9-1.8.6/gradlew
    Resource: debian9-mipsbe-20240226-en

  Behavioral task  behavioral6
    Sample:   Hael9-1.8.6/gradlew
    Resource: debian9-mipsel-20240226-en

  Behavioral task  behavioral7
    Sample:   Hael9-1.8.6/gradlew.bat
    Resource: win7-20240221-en

  Behavioral task  behavioral8
    Sample:   Hael9-1.8.6/gradlew.bat
    Resource: win10v2004-20240412-en
General

  Target: Hael9-1.8.6/gradlew.bat
  Size:   2KB
  MD5:    0ea6d812cf51675a8503fe23ae178996
  SHA1:   8751d7831ca6cd1cad48e1475a79596b54b48994
  SHA256: f4f428c5626b3d90cef3bd4e7fd3ad3ea5760442db8c09d586b5bfe031dbe5e3
  SHA512: ea052888a8e361670cd7051c6313fc838f579a54288ed391361954f413df699c119236e7371149939045cd3aef48458d4991beed579e3cc1230e3bee1273de8f
Malware Config

Signatures

  Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: cmd.exe

    description                        pid   process  target process
    PID 2184 wrote to memory of 560    2184  cmd.exe  java.exe
    PID 2184 wrote to memory of 560    2184  cmd.exe  java.exe
    PID 2184 wrote to memory of 560    2184  cmd.exe  java.exe
    PID 2184 wrote to memory of 2668   2184  cmd.exe  java.exe
    PID 2184 wrote to memory of 2668   2184  cmd.exe  java.exe
    PID 2184 wrote to memory of 2668   2184  cmd.exe  java.exe
Processes

  [1] C:\Windows\system32\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\Hael9-1.8.6\gradlew.bat"
      - Suspicious use of WriteProcessMemory

      [2] C:\Windows\system32\java.exe
          java.exe -version

      [2] C:\Windows\system32\java.exe
          "java.exe" "-Dorg.gradle.appname=gradlew" -classpath "C:\Users\Admin\AppData\Local\Temp\Hael9-1.8.6\\gradle\wrapper\gradle-wrapper.jar" org.gradle.wrapper.GradleWrapperMain
Network
MITRE ATT&CK Matrix
Downloads

  memory/560-4-0x00000000026E0000-0x00000000056E0000-memory.dmp    Filesize: 48.0MB
  memory/560-11-0x0000000000350000-0x0000000000351000-memory.dmp   Filesize: 4KB
  memory/560-12-0x0000000000350000-0x0000000000351000-memory.dmp   Filesize: 4KB
  memory/2668-22-0x0000000002580000-0x0000000005580000-memory.dmp  Filesize: 48.0MB
  memory/2668-23-0x0000000002150000-0x0000000002151000-memory.dmp  Filesize: 4KB
  memory/2668-26-0x0000000002150000-0x0000000002151000-memory.dmp  Filesize: 4KB
  memory/2668-48-0x0000000002150000-0x0000000002151000-memory.dmp  Filesize: 4KB
  memory/2668-52-0x0000000002150000-0x0000000002151000-memory.dmp  Filesize: 4KB