1179aeeafbdaeb7b6ffbc070551c440eb7dfe9786d50dc5beb415bb2f17eded4

Analysis

max time kernel
193s
max time network
197s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
27/05/2024, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NoxusMod.jar
Size

1.4MB
MD5

462734450a265e297b3a3e8ebad04f25
SHA1

da384ae6cf08f161f7ec2bbfbd1e8598c88a7de6
SHA256

1179aeeafbdaeb7b6ffbc070551c440eb7dfe9786d50dc5beb415bb2f17eded4
SHA512

7494ee564de93139b90a4a909a3cfbf8229683f54799698b616ac9fb192f45a1667b7832eef71fb7af87fb490900c7796c2d18e1c242ce4ba10de780b4270d3f
SSDEEP

24576:VO+tNLEsGPiCnvnbIcDWsBCTh0z1xwRIRyzVVo719mthe5cW2RegoH9ru0:VO+wpLbbWslfZ2EXmtheyMbK0

Score

7^/10

discovery persistence

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1032	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1716809704588.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3940	java.exe
3940	java.exe
3940	java.exe
3940	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 1032	3940	java.exe	81
PID 3940 wrote to memory of 1032	3940	java.exe	81
PID 3940 wrote to memory of 340	3940	java.exe	84
PID 3940 wrote to memory of 340	3940	java.exe	84
PID 3940 wrote to memory of 712	3940	java.exe	86
PID 3940 wrote to memory of 712	3940	java.exe	86
PID 712 wrote to memory of 2624	712	cmd.exe	88
PID 712 wrote to memory of 2624	712	cmd.exe	88

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
340	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\NoxusMod.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1032
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704588.tmp
  2⤵
  - Views/modifies file attributes
  PID:340
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704588.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:712
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704588.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9dd440cbcbee8bf92906793389f287b4

SHA1
278ad0ff1b4d8fa5842f6ae4b60b83a377915b5c

SHA256
194e9988ec59c88dd6275a318cd61d14cc6ae6fc0c54ca2833f2bea66e6773b6

SHA512
6e3549911eea92cb9fef7b729c925d1db762a1a6a770815c4a524c00c5d43fdbb921bf247e0ebbe56d5d726366fe8681aec9553a06805155f0c78c74124581eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1716809704588.tmp

Filesize
1.4MB

MD5
462734450a265e297b3a3e8ebad04f25

SHA1
da384ae6cf08f161f7ec2bbfbd1e8598c88a7de6

SHA256
1179aeeafbdaeb7b6ffbc070551c440eb7dfe9786d50dc5beb415bb2f17eded4

SHA512
7494ee564de93139b90a4a909a3cfbf8229683f54799698b616ac9fb192f45a1667b7832eef71fb7af87fb490900c7796c2d18e1c242ce4ba10de780b4270d3f

Download Submit
memory/3940-2-0x00000229C1CC0000-0x00000229C1F30000-memory.dmp

Filesize
2.4MB

Download
memory/3940-14-0x00000229C1F30000-0x00000229C1F40000-memory.dmp

Filesize
64KB

Download
memory/3940-15-0x00000229C1F40000-0x00000229C1F50000-memory.dmp

Filesize
64KB

Download
memory/3940-17-0x00000229C1F50000-0x00000229C1F60000-memory.dmp

Filesize
64KB

Download
memory/3940-19-0x00000229C1F60000-0x00000229C1F70000-memory.dmp

Filesize
64KB

Download
memory/3940-22-0x00000229C1F70000-0x00000229C1F80000-memory.dmp

Filesize
64KB

Download
memory/3940-23-0x00000229C1F80000-0x00000229C1F90000-memory.dmp

Filesize
64KB

Download
memory/3940-25-0x00000229C1F90000-0x00000229C1FA0000-memory.dmp

Filesize
64KB

Download
memory/3940-26-0x00000229C03A0000-0x00000229C03A1000-memory.dmp

Filesize
4KB

Download
memory/3940-31-0x00000229C1FA0000-0x00000229C1FB0000-memory.dmp

Filesize
64KB

Download
memory/3940-33-0x00000229C03A0000-0x00000229C03A1000-memory.dmp

Filesize
4KB

Download
memory/3940-36-0x00000229C1FC0000-0x00000229C1FD0000-memory.dmp

Filesize
64KB

Download
memory/3940-35-0x00000229C1FB0000-0x00000229C1FC0000-memory.dmp

Filesize
64KB

Download
memory/3940-40-0x00000229C1FD0000-0x00000229C1FE0000-memory.dmp

Filesize
64KB

Download
memory/3940-43-0x00000229C1FE0000-0x00000229C1FF0000-memory.dmp

Filesize
64KB

Download
memory/3940-42-0x00000229C1F30000-0x00000229C1F40000-memory.dmp

Filesize
64KB

Download
memory/3940-39-0x00000229C1CC0000-0x00000229C1F30000-memory.dmp

Filesize
2.4MB

Download
memory/3940-46-0x00000229C1FF0000-0x00000229C2000000-memory.dmp

Filesize
64KB

Download
memory/3940-45-0x00000229C1F40000-0x00000229C1F50000-memory.dmp

Filesize
64KB

Download
memory/3940-47-0x00000229C2000000-0x00000229C2010000-memory.dmp

Filesize
64KB

Download
memory/3940-50-0x00000229C2010000-0x00000229C2020000-memory.dmp

Filesize
64KB

Download
memory/3940-49-0x00000229C1F50000-0x00000229C1F60000-memory.dmp

Filesize
64KB

Download
memory/3940-54-0x00000229C2020000-0x00000229C2030000-memory.dmp

Filesize
64KB

Download
memory/3940-53-0x00000229C1F70000-0x00000229C1F80000-memory.dmp

Filesize
64KB

Download
memory/3940-52-0x00000229C1F60000-0x00000229C1F70000-memory.dmp

Filesize
64KB

Download
memory/3940-56-0x00000229C2030000-0x00000229C2040000-memory.dmp

Filesize
64KB

Download
memory/3940-61-0x00000229C2040000-0x00000229C2050000-memory.dmp

Filesize
64KB

Download
memory/3940-60-0x00000229C1F80000-0x00000229C1F90000-memory.dmp

Filesize
64KB

Download
memory/3940-66-0x00000229C2050000-0x00000229C2060000-memory.dmp

Filesize
64KB

Download
memory/3940-65-0x00000229C1F90000-0x00000229C1FA0000-memory.dmp

Filesize
64KB

Download
memory/3940-70-0x00000229C2070000-0x00000229C2080000-memory.dmp

Filesize
64KB

Download
memory/3940-75-0x00000229C2080000-0x00000229C2090000-memory.dmp

Filesize
64KB

Download
memory/3940-74-0x00000229C1FC0000-0x00000229C1FD0000-memory.dmp

Filesize
64KB

Download
memory/3940-73-0x00000229C1FB0000-0x00000229C1FC0000-memory.dmp

Filesize
64KB

Download
memory/3940-69-0x00000229C2060000-0x00000229C2070000-memory.dmp

Filesize
64KB

Download
memory/3940-68-0x00000229C1FA0000-0x00000229C1FB0000-memory.dmp

Filesize
64KB

Download
memory/3940-79-0x00000229C2090000-0x00000229C20A0000-memory.dmp

Filesize
64KB

Download
memory/3940-78-0x00000229C1FD0000-0x00000229C1FE0000-memory.dmp

Filesize
64KB

Download
memory/3940-80-0x00000229C03A0000-0x00000229C03A1000-memory.dmp

Filesize
4KB

Download
memory/3940-84-0x00000229C20A0000-0x00000229C20B0000-memory.dmp

Filesize
64KB

Download
memory/3940-83-0x00000229C1FE0000-0x00000229C1FF0000-memory.dmp

Filesize
64KB

Download
memory/3940-87-0x00000229C1FF0000-0x00000229C2000000-memory.dmp

Filesize
64KB

Download
memory/3940-89-0x00000229C20B0000-0x00000229C20C0000-memory.dmp

Filesize
64KB

Download
memory/3940-88-0x00000229C2000000-0x00000229C2010000-memory.dmp

Filesize
64KB

Download
memory/3940-92-0x00000229C20C0000-0x00000229C20D0000-memory.dmp

Filesize
64KB

Download
memory/3940-91-0x00000229C2010000-0x00000229C2020000-memory.dmp

Filesize
64KB

Download
memory/3940-96-0x00000229C2020000-0x00000229C2030000-memory.dmp

Filesize
64KB

Download
memory/3940-97-0x00000229C20D0000-0x00000229C20E0000-memory.dmp

Filesize
64KB

Download
memory/3940-100-0x00000229C20E0000-0x00000229C20F0000-memory.dmp

Filesize
64KB

Download
memory/3940-99-0x00000229C2030000-0x00000229C2040000-memory.dmp

Filesize
64KB

Download
memory/3940-104-0x00000229C2040000-0x00000229C2050000-memory.dmp

Filesize
64KB

Download
memory/3940-105-0x00000229C20F0000-0x00000229C2100000-memory.dmp

Filesize
64KB

Download
memory/3940-106-0x00000229C03A0000-0x00000229C03A1000-memory.dmp

Filesize
4KB

Download
memory/3940-107-0x00000229C2050000-0x00000229C2060000-memory.dmp

Filesize
64KB

Download
memory/3940-108-0x00000229C2060000-0x00000229C2070000-memory.dmp

Filesize
64KB

Download
memory/3940-109-0x00000229C2070000-0x00000229C2080000-memory.dmp

Filesize
64KB

Download
memory/3940-110-0x00000229C2080000-0x00000229C2090000-memory.dmp

Filesize
64KB

Download
memory/3940-111-0x00000229C2090000-0x00000229C20A0000-memory.dmp

Filesize
64KB

Download
memory/3940-112-0x00000229C20A0000-0x00000229C20B0000-memory.dmp

Filesize
64KB

Download
memory/3940-113-0x00000229C20B0000-0x00000229C20C0000-memory.dmp

Filesize
64KB

Download
memory/3940-114-0x00000229C20C0000-0x00000229C20D0000-memory.dmp

Filesize
64KB

Download
memory/3940-115-0x00000229C20D0000-0x00000229C20E0000-memory.dmp

Filesize
64KB

Download
memory/3940-116-0x00000229C20E0000-0x00000229C20F0000-memory.dmp

Filesize
64KB

Download
memory/3940-117-0x00000229C20F0000-0x00000229C2100000-memory.dmp

Filesize
64KB

Download
memory/3940-119-0x00000229C2100000-0x00000229C2110000-memory.dmp

Filesize
64KB

Download
memory/3940-121-0x00000229C2100000-0x00000229C2110000-memory.dmp

Filesize
64KB

Download
memory/3940-123-0x00000229C2110000-0x00000229C2120000-memory.dmp

Filesize
64KB

Download
memory/3940-124-0x00000229C2110000-0x00000229C2120000-memory.dmp

Filesize
64KB

Download
memory/3940-127-0x00000229C2120000-0x00000229C2130000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads