Malware Analysis Report

2024-11-13 13:27

Sample ID 240603-ndp2ssdh34
Target 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e
SHA256 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e

Threat Level: Shows suspicious behavior

The file 5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Modifies file permissions

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 11:17

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 11:17

Reported

2024-06-03 11:19

Platform

win7-20240221-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe

"C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"

C:\Program Files\Java\jre7\bin\javaw.exe

"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1716-3-0x0000000002610000-0x0000000002880000-memory.dmp

memory/1716-11-0x0000000000340000-0x0000000000341000-memory.dmp

memory/1716-14-0x0000000002610000-0x0000000002880000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 11:17

Reported

2024-06-03 11:19

Platform

win10v2004-20240426-en

Max time kernel

108s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe

"C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\5daa38a2692827ae02e4cf058cb9d0dded63fb774437916045827652bf1c3b5e.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country   Destination   Domain                          Proto
US        8.8.8.8:53    8.8.8.8.in-addr.arpa            udp
US        8.8.8.8:53    97.17.167.52.in-addr.arpa       udp
US        8.8.8.8:53    0.205.248.87.in-addr.arpa       udp
US        8.8.8.8:53    64.159.190.20.in-addr.arpa      udp
US        8.8.8.8:53    95.221.229.192.in-addr.arpa     udp
US        8.8.8.8:53    133.211.185.52.in-addr.arpa     udp
US        8.8.8.8:53    28.118.140.52.in-addr.arpa      udp
US        8.8.8.8:53    183.59.114.20.in-addr.arpa      udp
US        8.8.8.8:53    198.187.3.20.in-addr.arpa       udp
US        8.8.8.8:53    240.221.184.93.in-addr.arpa     udp

Files

memory/4500-0-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2020-3-0x0000025D097C0000-0x0000025D09A30000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 ec9ea093e569ec00b532592f8276b7f6
SHA1 9baacd2e801490a0fd274689909d8058deb8dba8
SHA256 444d0befc856c536443dc3629e2dac5d386bbcf0993bf531e468f7e166f4279b
SHA512 ee6eaa00922461fe17fdf2dc178db2aca8aaa45ace658e8e0da31825cf0fd34648e43b1c1cc579c44e34a848e2fe39982ab1c2a6292ca3689fc8c034f501699c

C:\Users\Admin\AppData\Local\Temp\+~JF5812642813926863402.tmp

MD5 7f690e503a254e0b8349aec0177e07aa
SHA1 127f241871a9fe42cd8d073a0835410f3824d57c
SHA256 7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
SHA512 329b4fcd0cbb804324a2a0e41542b64949208cffb18d38af50a7ccbaa007c0baf2b241a8077b4db0f6e97385e65ada7d73f6d06a5e55411d549b5a3bf29cd641

memory/2020-57-0x0000025D07FE0000-0x0000025D07FE1000-memory.dmp

memory/2020-63-0x0000025D09A50000-0x0000025D09A60000-memory.dmp

memory/2020-62-0x0000025D09A40000-0x0000025D09A50000-memory.dmp

memory/2020-61-0x0000025D09A30000-0x0000025D09A40000-memory.dmp

memory/2020-64-0x0000025D09A60000-0x0000025D09A70000-memory.dmp

memory/2020-67-0x0000025D09A70000-0x0000025D09A80000-memory.dmp

memory/2020-68-0x0000025D07FE0000-0x0000025D07FE1000-memory.dmp

memory/2020-71-0x0000025D09A80000-0x0000025D09A90000-memory.dmp

memory/2020-73-0x0000025D09A90000-0x0000025D09AA0000-memory.dmp

memory/2020-78-0x0000025D09AA0000-0x0000025D09AB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JNativeHook-7432773EB4D09DC286D43FCC77DDB0E1E3BCE2B4.dll

MD5 55f4de7f270663b3dc712b8c9eed422a
SHA1 7432773eb4d09dc286d43fcc77ddb0e1e3bce2b4
SHA256 47c2871dff8948de40424df497962ea6167c56bd4d487dd2e660aa2837485e25
SHA512 9da5efb0236b3bb4ec72d07bfd70a9e3f373df95d97c825513babd43d2b91c8669e28f3464173e789dad092ea48fc8d32a9d11a6d5c8d9beeabd33860ce6a996

memory/2020-87-0x0000025D09AB0000-0x0000025D09AC0000-memory.dmp

memory/2020-88-0x0000025D09AC0000-0x0000025D09AD0000-memory.dmp

memory/2020-85-0x0000025D07FE0000-0x0000025D07FE1000-memory.dmp

memory/2020-90-0x0000025D097C0000-0x0000025D09A30000-memory.dmp

memory/2020-91-0x0000025D09A30000-0x0000025D09A40000-memory.dmp

memory/2020-93-0x0000025D09A50000-0x0000025D09A60000-memory.dmp

memory/2020-92-0x0000025D09A40000-0x0000025D09A50000-memory.dmp

memory/2020-94-0x0000025D09A60000-0x0000025D09A70000-memory.dmp

memory/2020-95-0x0000025D09A70000-0x0000025D09A80000-memory.dmp

memory/2020-96-0x0000025D09A80000-0x0000025D09A90000-memory.dmp

memory/2020-97-0x0000025D09A90000-0x0000025D09AA0000-memory.dmp

memory/2020-98-0x0000025D09AA0000-0x0000025D09AB0000-memory.dmp

memory/2020-100-0x0000025D09AC0000-0x0000025D09AD0000-memory.dmp

memory/2020-99-0x0000025D09AB0000-0x0000025D09AC0000-memory.dmp