30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 16:06

Target

Quest Adventure Installer/JRE/bin/java.exe
Size

46KB
MD5

17e95d746b4b9c30f682badcfbebffb7
SHA1

354d8ae7ec9ac0e467f248a8d43c704e683a572b
SHA256

3ab0516b67b52410f07a92504a50243f23ed8a7a51abed0d76a1bee4b0dbefc7
SHA512

bc7b6e0de9106f41253e6e7e18e46dc3ea96515751368b3225fb0757dd90f881529743eb3c376375ef9a599cac914b4215334e23febe58a60ee630e54caad02e
SSDEEP

768:/gqFjM5R2TyJ5R3s8D/bkt5Ruz3Vb3XEA51YiUF5zxBhl:/gSM5RdJ5R3sozkt5RA3XV517UHFx

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

java.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe

C:\Users\Admin\AppData\Local\Temp\Quest Adventure Installer\JRE\bin\java.exe
"C:\Users\Admin\AppData\Local\Temp\Quest Adventure Installer\JRE\bin\java.exe"
1⤵
- Checks processor information in registry
PID:1920

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1920-5-0x000000000A2E0000-0x000000000A550000-memory.dmp

Filesize
2.4MB

Download
memory/1920-15-0x000000000A870000-0x000000000AAE0000-memory.dmp

Filesize
2.4MB

Download
memory/1920-16-0x0000000011DA0000-0x0000000012010000-memory.dmp

Filesize
2.4MB

Download
memory/1920-20-0x000000000A2E0000-0x000000000A550000-memory.dmp

Filesize
2.4MB

Download
memory/1920-22-0x0000000011DA0000-0x0000000012010000-memory.dmp

Filesize
2.4MB

Download
memory/1920-21-0x000000000A870000-0x000000000AAE0000-memory.dmp

Filesize
2.4MB

Download