Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://www.java.com...

windows10-2004-x64

8

Analysis

  • max time kernel
    55s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-06-2024 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.java.com/en/download/

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.java.com/en/download/
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeec7246f8,0x7ffeec724708,0x7ffeec724718
      2⤵
        PID:4508
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
        2⤵
          PID:3368
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4980
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
          2⤵
            PID:728
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
            2⤵
              PID:1696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
              2⤵
                PID:464
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
                2⤵
                  PID:3052
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
                  2⤵
                    PID:4408
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2056
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                    2⤵
                      PID:752
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                      2⤵
                        PID:3656
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                        2⤵
                          PID:4872
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                          2⤵
                            PID:4020
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
                            2⤵
                              PID:5172
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5776 /prefetch:8
                              2⤵
                                PID:5268
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                                2⤵
                                  PID:5276
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 /prefetch:8
                                  2⤵
                                    PID:5392
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,7310340162358600720,15490834241729469304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5728
                                  • C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe
                                    "C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    PID:5856
                                    • C:\Users\Admin\AppData\Local\Temp\jds240637859.tmp\jre-8u411-windows-x64.exe
                                      "C:\Users\Admin\AppData\Local\Temp\jds240637859.tmp\jre-8u411-windows-x64.exe"
                                      3⤵
                                      • Executes dropped EXE
                                      • Suspicious use of SetWindowsHookEx
                                      PID:5972
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2428
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2584
                                    • C:\Windows\system32\werfault.exe
                                      werfault.exe /h /shared Global\37da66fc6f1947fca3da0a691ce3192d /t 5124 /p 5972
                                      1⤵
                                        PID:5544

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        537815e7cc5c694912ac0308147852e4

                                        SHA1

                                        2ccdd9d9dc637db5462fe8119c0df261146c363c

                                        SHA256

                                        b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                                        SHA512

                                        63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        8b167567021ccb1a9fdf073fa9112ef0

                                        SHA1

                                        3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                                        SHA256

                                        26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                                        SHA512

                                        726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        768B

                                        MD5

                                        1d7486ebe2e443e460564f14d277bf94

                                        SHA1

                                        77aa82608a0e89d328366eb3f5ac6479156adc07

                                        SHA256

                                        9e7297639e439679c2dff0e7a7c4e5bf3936b16a16f2e5e68f13337643078949

                                        SHA512

                                        608e20c72c31ed7ff9a674d05c4c48af3f833f7073ed6cf0b18bf8fa3c1122576c5db22e60fed595dd2552c77f1aa933467e0b8a27ab009eff8595ac5f43de97

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        5KB

                                        MD5

                                        e86f2afeda06ac6d1e9cf96809be353e

                                        SHA1

                                        b3c8cb8824046427150cac79d0bde827a01105a7

                                        SHA256

                                        8c404f21f9d9c361bce8a382831398c5715a4f1c9b98d6376e25129cd79b0eb5

                                        SHA512

                                        58674d49a01872dc9c4b550eb41137f17a7df6dd165c19b112fb000971b089e1122651bb51f2872519dae76fd8402398964f65151ccd83650f13ef93933f9c03

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        fcc3f8f8460372871750dafaa737a58c

                                        SHA1

                                        be38507e1141dd5ce9081874b29bf66d67879a8c

                                        SHA256

                                        12fa90f8629290f2ada3c9d9c56d277f1dbf0578d244daf5b080080d6541b196

                                        SHA512

                                        a745b037dc8fcc877986e95fee4ea1b314cb50a078896f30402b8ef751ceae1485d44a0fd800a3be32ca550659dbbab89dd7ec25c292d04dc6569ed519e88c93

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        50eb4a7b0065bdb242788936015c7315

                                        SHA1

                                        3fc402a358f2d34daa9fe0177d7bb3e88b33f4ab

                                        SHA256

                                        042cb1ad91b4c304750bbd90c1138128bc61898c7a1fadc4c43f2bf31ede23f1

                                        SHA512

                                        758e975585e117bd68822c199681ff65df4d00eaaad52e79cdd60887a1bfff239eaef7efe68ffa84901b0ca30d0d34a345c878131f907782c506cc0065fb5bbd

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        11KB

                                        MD5

                                        de0a12e5447408ede9672887ccc95336

                                        SHA1

                                        7b05d5ed90592e208525c3b529917480b02980b1

                                        SHA256

                                        da304d39d0184dda03820306c0e2920bc48280f1e84ca7a444fd3f766094deef

                                        SHA512

                                        06af1606b65850b587276900b443dfb316d9c643852ac2e96e97f107109cc7a58efbdfd4793727007b437de2c62a3e302c257275811d12b2a33ca0d3d4da6acb

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        10KB

                                        MD5

                                        a742991810644beb9b433862dd9befd8

                                        SHA1

                                        c8d039c1d6ebc8d1486d6d744803a280c4c7954c

                                        SHA256

                                        bace80bf5b05ee6f2b4eb673767b9552d3efeaae09905495319f5b6534a0fd76

                                        SHA512

                                        aafd16fa02a24e195d5badaca0a1e30709d2f954e3a8aaa9548663ae2804848f27e4eba421fc0d8ae92522432434586b02c908697f6b4302a1d3a66ccb8ae726

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\jusched.log
                                        Filesize

                                        296KB

                                        MD5

                                        821b370ccf9ed8f4dc28a60534db442b

                                        SHA1

                                        5bc854054b3367c5399c67906229f31b99ceeea5

                                        SHA256

                                        bb91e575e510e53927e4633061bef0cfa243e0cbc0f3e763ba1947b42296348c

                                        SHA512

                                        aa97722fa9709a929242733f62032f1d64e91545e774fd15e7425f9812a6effec998e6d5734ea866ce12d7ea3a57515ccd23ab39e3ce96a169d1f408399a7967

                                        Download Submit

                                      • memory/5972-306-0x000001E118590000-0x000001E119C07000-memory.dmp

                                        Filesize

                                        22.5MB

                                        Download