30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0

Analysis

max time kernel
117s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 16:06

Target

Quest Adventure Installer/JRE/bin/javac.exe
Size

20KB
MD5

e148f9f9e80a8388ae99d1bfe98ed7cc
SHA1

803dec16e0af9b80c4d78158067e9d5cd797479b
SHA256

fc70e4a29da6a71a9c3fc349ea597a9c6335dae81064fb2cc8e56f7178324360
SHA512

64924ef308eaed72c23ec131cc69231862ce9f825b97160a114979922f0c20d6e1fa843aa60c7746c2975739f250b05cd65d79f391299a7535b457ad7d640be7
SSDEEP

384:uIaQgPLeq/uEBKF+vKA5ABIYieTFhO0Rz+qEkShqjw:snSqoFOKA51YiUFRz73ShqE

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

javac.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javac.exe

C:\Users\Admin\AppData\Local\Temp\Quest Adventure Installer\JRE\bin\javac.exe
"C:\Users\Admin\AppData\Local\Temp\Quest Adventure Installer\JRE\bin\javac.exe"
1⤵
- Checks processor information in registry
PID:1680

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1680-6-0x000001F699CF0000-0x000001F699F60000-memory.dmp

Filesize
2.4MB

Download
memory/1680-16-0x000001F69A280000-0x000001F69A4F0000-memory.dmp

Filesize
2.4MB

Download
memory/1680-17-0x000001F6A17B0000-0x000001F6A1A20000-memory.dmp

Filesize
2.4MB

Download
memory/1680-19-0x000001F699CF0000-0x000001F699F60000-memory.dmp

Filesize
2.4MB

Download
memory/1680-21-0x000001F69A280000-0x000001F69A4F0000-memory.dmp

Filesize
2.4MB

Download
memory/1680-20-0x000001F6A17B0000-0x000001F6A1A20000-memory.dmp

Filesize
2.4MB

Download