ede13da573f8e0d4b5e83dbdc75141f94086973df7a36c9e0566a5adbbd02439

Resubmissions

11/05/2024, 12:08

240511-pbbxtsfc7v 7

11/05/2024, 12:04

240511-n8n3zsaa73 7

Analysis

max time kernel
48s
max time network
17s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

howtowalk.jar
Size

309KB
MD5

a35ff3857ad79b569726f3e9fd838b99
SHA1

d0315cb33d8240cdcbefbaa8d9cfdf3a7405150f
SHA256

ede13da573f8e0d4b5e83dbdc75141f94086973df7a36c9e0566a5adbbd02439
SHA512

58af5f6d1ae73aacb19dc66c5e58ead8c3f6d67de670662aa9158660d2b8617e59f376a521cef690853affea2447e43f9305d8ba2c096d303503d6403afb0197
SSDEEP

6144:xlM0KpRyXenT1shRpdOJOKTvyVBLWAj9jDuGu11sYOAClA0gxyCEmiDcC:xCLR+enTe1dOJN8aAJ/QbjCUxREmU

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2360	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	java.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2360	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2040	java.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2040	java.exe
2040	java.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\howtowalk.jar
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2040

C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
"C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-2-0x0000000002530000-0x00000000027A0000-memory.dmp

Filesize
2.4MB

Download
memory/2040-10-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-11-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-20-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-26-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/2040-27-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/2040-28-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-36-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-37-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-38-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-40-0x0000000002530000-0x00000000027A0000-memory.dmp

Filesize
2.4MB

Download
memory/2040-41-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2040-42-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/2040-43-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/2360-49-0x000007FEF448E000-0x000007FEF448F000-memory.dmp

Filesize
4KB

Download
memory/2360-51-0x0000000001E00000-0x0000000001E08000-memory.dmp

Filesize
32KB

Download
memory/2360-52-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2360-53-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2360-50-0x000000001B6F0000-0x000000001B9D2000-memory.dmp

Filesize
2.9MB

Download
memory/2360-54-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2360-55-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2360-56-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2360-59-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download
memory/2360-63-0x000007FEF41D0000-0x000007FEF4B6D000-memory.dmp

Filesize
9.6MB

Download