Analysis

  • max time kernel
    124s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 18:28

General

  • Target

    ysoserial-all.jar

  • Size

    56.8MB

  • MD5

    5f8b625e5b48ed2691d6314d83d9a7f2

  • SHA1

    f7edfc4e9591e1af51a2cd5f773d75ad4f02be3f

  • SHA256

    2c9bddd6a1a4ec66c1078ea97dacb61eb66d1c41aec7b6d21e3c72214ce170f1

  • SHA512

    f2508b7c0445352fec089dd5aa4ab721649e138fd4c9445dad69ac10deaaf2a62188387a5ad5477dd2349f2e57408d6994185cda0469b1bde767d08807a03a6a

  • SSDEEP

    786432:P8CPtkgwmPJoQcch6Ohf96EyP2JjeUFmI8jM3MXVQNxnbVjACuhLrnPfee:UCPtkgTJXcbFsJjsljM8obVjBGLDX3

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\ysoserial-all.jar
    PID:1644
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID:2200
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x500
    • Suspicious use of AdjustPrivilegeToken
    PID:2476

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1644-2-0x00000000024B0000-0x0000000002720000-memory.dmp
    Filesize
    2.4MB

  • memory/1644-10-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize
    4KB

  • memory/1644-11-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize
    4KB

  • memory/1644-16-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize
    4KB

  • memory/1644-17-0x00000000024B0000-0x0000000002720000-memory.dmp
    Filesize
    2.4MB