267895bb452a1cc607155917f13672d66e394ec30e34f5689d427e6cd81ca15b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-04-2024 12:30

Target

DISTINCTIOQ.jar
Size

337KB
MD5

e3201b7efe4dee74389d9c358f3c1798
SHA1

560a5875a00a75829ce916564f6dc3eee13d2c42
SHA256

267895bb452a1cc607155917f13672d66e394ec30e34f5689d427e6cd81ca15b
SHA512

d90e4db4066625e48509225e3e4028187c40fe401afafef92e20e967ea3370d0b41b170658936781ca1e1ca68b6d02766f9d97b2f5c910e8d33731828bb5e21b
SSDEEP

6144:nAqn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDXVP:AA4qfA93BdTk3OeFXg3iDWhP

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2548	regsvr32.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2668	2204	java.exe	29
PID 2204 wrote to memory of 2668	2204	java.exe	29
PID 2204 wrote to memory of 2668	2204	java.exe	29
PID 2204 wrote to memory of 2668	2204	java.exe	29
PID 2204 wrote to memory of 2668	2204	java.exe	29
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30
PID 2668 wrote to memory of 2548	2668	regsvr32.exe	30

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\DISTINCTIOQ.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\\761790.png
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\\761790.png
    3⤵
    - Loads dropped DLL
    PID:2548

C:\Users\Admin\AppData\Local\Temp\761790.png

Filesize
476KB

MD5
68fa8377c75a2b457e33f538021a4db6

SHA1
c9af9f7ea0e773ec5bc585abf7d471a0bd130081

SHA256
839550463e4e5ce3fa738378529b1e818405967413a4351d3790eee5c10a3ef2

SHA512
94567f7688dbe46b8c29b7a5061927b3fb8f83f58817b85fe509c035c4724fd1e81308f04195c1a464ad194f5362ea544678492d08a49d25bf56a6db4d10b824

Download Submit
memory/2204-9-0x0000000002670000-0x0000000005670000-memory.dmp

Filesize
48.0MB

Download
memory/2204-12-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2548-15-0x00000000007A0000-0x00000000007D4000-memory.dmp

Filesize
208KB

Download
memory/2548-16-0x00000000007A0000-0x00000000007D4000-memory.dmp

Filesize
208KB

Download