Overview

overview

10

Static

static

3

ExCheats Loader.exe

windows10-2004-x64

10

jre/Welcome.html

windows10-2004-x64

1

jre/bin/JA...32.dll

windows10-2004-x64

1

jre/bin/JA...ge.dll

windows10-2004-x64

1

jre/bin/Ja...32.dll

windows10-2004-x64

1

jre/bin/Ja...ge.dll

windows10-2004-x64

1

jre/bin/Wi...32.dll

windows10-2004-x64

3

jre/bin/Wi...ge.dll

windows10-2004-x64

3

jre/bin/awt.dll

windows10-2004-x64

1

jre/bin/bci.dll

windows10-2004-x64

3

jre/bin/cl...vm.dll

windows10-2004-x64

3

jre/bin/dcpr.dll

windows10-2004-x64

1

jre/bin/de...se.dll

windows10-2004-x64

3

jre/bin/deploy.dll

windows10-2004-x64

3

jre/bin/dt_shmem.dll

windows10-2004-x64

3

jre/bin/dt_socket.dll

windows10-2004-x64

1

jre/bin/dt...a1.dll

windows10-2004-x64

1

jre/bin/dt...a1.dll

windows10-2004-x64

3

jre/bin/eula.dll

windows10-2004-x64

1

jre/bin/fo...er.dll

windows10-2004-x64

1

jre/bin/fxplugins.dll

windows10-2004-x64

3

jre/bin/glass.dll

windows10-2004-x64

1

jre/bin/glib-lite.dll

windows10-2004-x64

3

jre/bin/gs...te.dll

windows10-2004-x64

3

jre/bin/hprof.dll

windows10-2004-x64

3

jre/bin/in...nt.dll

windows10-2004-x64

3

jre/bin/j2pcsc.dll

windows10-2004-x64

1

jre/bin/j2pkcs11.dll

windows10-2004-x64

1

jre/bin/jaas_nt.dll

windows10-2004-x64

3

jre/bin/jabswitch.exe

windows10-2004-x64

1

jre/bin/java-rmi.exe

windows10-2004-x64

1

jre/bin/java.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1770s
  • max time network
    1803s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 11:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jre/bin/dtplugin/npdeployJava1.dll

  • Size

    886KB

  • MD5

    4fd3548990caf9771b688532def5de48

  • SHA1

    567c27a4ea16775085d8e87a38fe58bec4463f7d

  • SHA256

    bde5df7bcfc35270b57a8982949bf5f25592a2e560a04e9868b84bef83a0ea4b

  • SHA512

    fd2cf2072a786293e30cd495ba06f4734f0cea63cbc49b6d7a24f6891612375e48d1b5758d9408625e769e8a81c7c34f04278e011bcf47edeb8c2afc13aec20c

  • SSDEEP

    24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\jre\bin\dtplugin\npdeployJava1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3444
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\jre\bin\dtplugin\npdeployJava1.dll,#1
      2⤵
        PID:1432
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 688
          3⤵
          • Program crash
          PID:2256
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1432 -ip 1432
        1⤵
          PID:2084
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:380

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads