30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 16:06

Target

Quest Adventure Installer/JRE/bin/javac.exe
Size

20KB
MD5

e148f9f9e80a8388ae99d1bfe98ed7cc
SHA1

803dec16e0af9b80c4d78158067e9d5cd797479b
SHA256

fc70e4a29da6a71a9c3fc349ea597a9c6335dae81064fb2cc8e56f7178324360
SHA512

64924ef308eaed72c23ec131cc69231862ce9f825b97160a114979922f0c20d6e1fa843aa60c7746c2975739f250b05cd65d79f391299a7535b457ad7d640be7
SSDEEP

384:uIaQgPLeq/uEBKF+vKA5ABIYieTFhO0Rz+qEkShqjw:snSqoFOKA51YiUFRz73ShqE

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

javac.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javac.exe

C:\Users\Admin\AppData\Local\Temp\Quest Adventure Installer\JRE\bin\javac.exe
"C:\Users\Admin\AppData\Local\Temp\Quest Adventure Installer\JRE\bin\javac.exe"
1⤵
- Checks processor information in registry
PID:2452

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2452-5-0x000000000A200000-0x000000000A470000-memory.dmp

Filesize
2.4MB

Download
memory/2452-17-0x000000000A790000-0x000000000AA00000-memory.dmp

Filesize
2.4MB

Download
memory/2452-18-0x0000000011CC0000-0x0000000011F30000-memory.dmp

Filesize
2.4MB

Download
memory/2452-19-0x000000000A200000-0x000000000A470000-memory.dmp

Filesize
2.4MB

Download
memory/2452-20-0x0000000011CC0000-0x0000000011F30000-memory.dmp

Filesize
2.4MB

Download
memory/2452-21-0x000000000A790000-0x000000000AA00000-memory.dmp

Filesize
2.4MB

Download