1179aeeafbdaeb7b6ffbc070551c440eb7dfe9786d50dc5beb415bb2f17eded4

Analysis

max time kernel
185s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NoxusMod.jar
Size

1.4MB
MD5

462734450a265e297b3a3e8ebad04f25
SHA1

da384ae6cf08f161f7ec2bbfbd1e8598c88a7de6
SHA256

1179aeeafbdaeb7b6ffbc070551c440eb7dfe9786d50dc5beb415bb2f17eded4
SHA512

7494ee564de93139b90a4a909a3cfbf8229683f54799698b616ac9fb192f45a1667b7832eef71fb7af87fb490900c7796c2d18e1c242ce4ba10de780b4270d3f
SSDEEP

24576:VO+tNLEsGPiCnvnbIcDWsBCTh0z1xwRIRyzVVo719mthe5cW2RegoH9ru0:VO+wpLbbWslfZ2EXmtheyMbK0

Score

7^/10

discovery persistence

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2704	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1716809704852.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3100	java.exe
3100	java.exe
3100	java.exe
3100	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 2704	3100	java.exe	83
PID 3100 wrote to memory of 2704	3100	java.exe	83
PID 3100 wrote to memory of 5084	3100	java.exe	87
PID 3100 wrote to memory of 5084	3100	java.exe	87
PID 3100 wrote to memory of 2408	3100	java.exe	90
PID 3100 wrote to memory of 2408	3100	java.exe	90
PID 2408 wrote to memory of 3272	2408	cmd.exe	92
PID 2408 wrote to memory of 3272	2408	cmd.exe	92

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5084	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\NoxusMod.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2704
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704852.tmp
  2⤵
  - Views/modifies file attributes
  PID:5084
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704852.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704852.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b1b408f4e764b71d6d767cc59650af90

SHA1
f5dcce51787283fa79cb74f427fd054eede02b6b

SHA256
ebb1bba5164e81f1c8cef52dd7cff6acd26b5b5e12626603cfd66b65c92e73c1

SHA512
920154a9b8c93668b4a28065c26802457e524523bde460af807bc84f67a484ac35151bf23d3922950008333e092f6c5f50d6de4a7a2ee0fa2a667ea7d47da222

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704852.tmp

Filesize
1.4MB

MD5
462734450a265e297b3a3e8ebad04f25

SHA1
da384ae6cf08f161f7ec2bbfbd1e8598c88a7de6

SHA256
1179aeeafbdaeb7b6ffbc070551c440eb7dfe9786d50dc5beb415bb2f17eded4

SHA512
7494ee564de93139b90a4a909a3cfbf8229683f54799698b616ac9fb192f45a1667b7832eef71fb7af87fb490900c7796c2d18e1c242ce4ba10de780b4270d3f

Download Submit
memory/3100-2-0x0000016BE3C40000-0x0000016BE3EB0000-memory.dmp

Filesize
2.4MB

Download
memory/3100-13-0x0000016BE3EB0000-0x0000016BE3EC0000-memory.dmp

Filesize
64KB

Download
memory/3100-15-0x0000016BE3EC0000-0x0000016BE3ED0000-memory.dmp

Filesize
64KB

Download
memory/3100-17-0x0000016BE3ED0000-0x0000016BE3EE0000-memory.dmp

Filesize
64KB

Download
memory/3100-20-0x0000016BE3EE0000-0x0000016BE3EF0000-memory.dmp

Filesize
64KB

Download
memory/3100-21-0x0000016BE3EF0000-0x0000016BE3F00000-memory.dmp

Filesize
64KB

Download
memory/3100-25-0x0000016BE3F00000-0x0000016BE3F10000-memory.dmp

Filesize
64KB

Download
memory/3100-27-0x0000016BE3F20000-0x0000016BE3F30000-memory.dmp

Filesize
64KB

Download
memory/3100-26-0x0000016BE3F10000-0x0000016BE3F20000-memory.dmp

Filesize
64KB

Download
memory/3100-28-0x0000016BE3C20000-0x0000016BE3C21000-memory.dmp

Filesize
4KB

Download
memory/3100-33-0x0000016BE3F30000-0x0000016BE3F40000-memory.dmp

Filesize
64KB

Download
memory/3100-35-0x0000016BE3C20000-0x0000016BE3C21000-memory.dmp

Filesize
4KB

Download
memory/3100-36-0x0000016BE3F40000-0x0000016BE3F50000-memory.dmp

Filesize
64KB

Download
memory/3100-38-0x0000016BE3F50000-0x0000016BE3F60000-memory.dmp

Filesize
64KB

Download
memory/3100-43-0x0000016BE3F70000-0x0000016BE3F80000-memory.dmp

Filesize
64KB

Download
memory/3100-42-0x0000016BE3F60000-0x0000016BE3F70000-memory.dmp

Filesize
64KB

Download
memory/3100-41-0x0000016BE3C40000-0x0000016BE3EB0000-memory.dmp

Filesize
2.4MB

Download
memory/3100-48-0x0000016BE3F80000-0x0000016BE3F90000-memory.dmp

Filesize
64KB

Download
memory/3100-50-0x0000016BE3EC0000-0x0000016BE3ED0000-memory.dmp

Filesize
64KB

Download
memory/3100-53-0x0000016BE3ED0000-0x0000016BE3EE0000-memory.dmp

Filesize
64KB

Download
memory/3100-54-0x0000016BE3FB0000-0x0000016BE3FC0000-memory.dmp

Filesize
64KB

Download
memory/3100-51-0x0000016BE3FA0000-0x0000016BE3FB0000-memory.dmp

Filesize
64KB

Download
memory/3100-49-0x0000016BE3F90000-0x0000016BE3FA0000-memory.dmp

Filesize
64KB

Download
memory/3100-47-0x0000016BE3EB0000-0x0000016BE3EC0000-memory.dmp

Filesize
64KB

Download
memory/3100-57-0x0000016BE3FC0000-0x0000016BE3FD0000-memory.dmp

Filesize
64KB

Download
memory/3100-56-0x0000016BE3EE0000-0x0000016BE3EF0000-memory.dmp

Filesize
64KB

Download
memory/3100-59-0x0000016BE3EF0000-0x0000016BE3F00000-memory.dmp

Filesize
64KB

Download
memory/3100-60-0x0000016BE3FD0000-0x0000016BE3FE0000-memory.dmp

Filesize
64KB

Download
memory/3100-67-0x0000016BE3F20000-0x0000016BE3F30000-memory.dmp

Filesize
64KB

Download
memory/3100-65-0x0000016BE3F00000-0x0000016BE3F10000-memory.dmp

Filesize
64KB

Download
memory/3100-68-0x0000016BE3FE0000-0x0000016BE3FF0000-memory.dmp

Filesize
64KB

Download
memory/3100-66-0x0000016BE3F10000-0x0000016BE3F20000-memory.dmp

Filesize
64KB

Download
memory/3100-71-0x0000016BE3FF0000-0x0000016BE4000000-memory.dmp

Filesize
64KB

Download
memory/3100-70-0x0000016BE3F30000-0x0000016BE3F40000-memory.dmp

Filesize
64KB

Download
memory/3100-76-0x0000016BE4000000-0x0000016BE4010000-memory.dmp

Filesize
64KB

Download
memory/3100-75-0x0000016BE3F40000-0x0000016BE3F50000-memory.dmp

Filesize
64KB

Download
memory/3100-77-0x0000016BE3C20000-0x0000016BE3C21000-memory.dmp

Filesize
4KB

Download
memory/3100-80-0x0000016BE4010000-0x0000016BE4020000-memory.dmp

Filesize
64KB

Download
memory/3100-79-0x0000016BE3F50000-0x0000016BE3F60000-memory.dmp

Filesize
64KB

Download
memory/3100-83-0x0000016BE3F70000-0x0000016BE3F80000-memory.dmp

Filesize
64KB

Download
memory/3100-85-0x0000016BE4020000-0x0000016BE4030000-memory.dmp

Filesize
64KB

Download
memory/3100-84-0x0000016BE3F90000-0x0000016BE3FA0000-memory.dmp

Filesize
64KB

Download
memory/3100-82-0x0000016BE3F60000-0x0000016BE3F70000-memory.dmp

Filesize
64KB

Download
memory/3100-88-0x0000016BE3F80000-0x0000016BE3F90000-memory.dmp

Filesize
64KB

Download
memory/3100-89-0x0000016BE4030000-0x0000016BE4040000-memory.dmp

Filesize
64KB

Download
memory/3100-93-0x0000016BE3FA0000-0x0000016BE3FB0000-memory.dmp

Filesize
64KB

Download
memory/3100-94-0x0000016BE4040000-0x0000016BE4050000-memory.dmp

Filesize
64KB

Download
memory/3100-97-0x0000016BE4050000-0x0000016BE4060000-memory.dmp

Filesize
64KB

Download
memory/3100-96-0x0000016BE3FB0000-0x0000016BE3FC0000-memory.dmp

Filesize
64KB

Download
memory/3100-98-0x0000016BE3C20000-0x0000016BE3C21000-memory.dmp

Filesize
4KB

Download
memory/3100-101-0x0000016BE4060000-0x0000016BE4070000-memory.dmp

Filesize
64KB

Download
memory/3100-100-0x0000016BE3FC0000-0x0000016BE3FD0000-memory.dmp

Filesize
64KB

Download
memory/3100-105-0x0000016BE4070000-0x0000016BE4080000-memory.dmp

Filesize
64KB

Download
memory/3100-104-0x0000016BE3FD0000-0x0000016BE3FE0000-memory.dmp

Filesize
64KB

Download
memory/3100-106-0x0000016BE3C20000-0x0000016BE3C21000-memory.dmp

Filesize
4KB

Download
memory/3100-107-0x0000016BE3FE0000-0x0000016BE3FF0000-memory.dmp

Filesize
64KB

Download
memory/3100-108-0x0000016BE3FF0000-0x0000016BE4000000-memory.dmp

Filesize
64KB

Download
memory/3100-109-0x0000016BE4000000-0x0000016BE4010000-memory.dmp

Filesize
64KB

Download
memory/3100-110-0x0000016BE4010000-0x0000016BE4020000-memory.dmp

Filesize
64KB

Download
memory/3100-111-0x0000016BE4020000-0x0000016BE4030000-memory.dmp

Filesize
64KB

Download
memory/3100-112-0x0000016BE4030000-0x0000016BE4040000-memory.dmp

Filesize
64KB

Download
memory/3100-113-0x0000016BE4040000-0x0000016BE4050000-memory.dmp

Filesize
64KB

Download
memory/3100-114-0x0000016BE4050000-0x0000016BE4060000-memory.dmp

Filesize
64KB

Download
memory/3100-115-0x0000016BE4060000-0x0000016BE4070000-memory.dmp

Filesize
64KB

Download
memory/3100-116-0x0000016BE4070000-0x0000016BE4080000-memory.dmp

Filesize
64KB

Download
memory/3100-119-0x0000016BE4080000-0x0000016BE4090000-memory.dmp

Filesize
64KB

Download
memory/3100-120-0x0000016BE4080000-0x0000016BE4090000-memory.dmp

Filesize
64KB

Download
memory/3100-123-0x0000016BE4090000-0x0000016BE40A0000-memory.dmp

Filesize
64KB

Download
memory/3100-124-0x0000016BE4090000-0x0000016BE40A0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads