c3292a1a8b5708160e8d863844eb20ee0aad7ea0d827cb7bec429c70416f35cf

Analysis

max time kernel
131s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dids.exe
Size

140KB
MD5

a7f667638f0c2fcdb2cd6be8119cf52e
SHA1

70406b2108cd2874c2cf7757ac8604eb9e91c473
SHA256

b4f8b34082780a88d5ca6dcb6b66ddccece01a2ba198494ce3b1b8bfb508b7d8
SHA512

8f8b207fb0f61eada66ac00fa1134a77fe6b53375c3c928937f0ece6f5a9e52abb3553ada7a7060dabb8f94a3651f831b7f6ed694c9a6d04171d19e0bfa1032c
SSDEEP

1536:BGtgHEjSO//C78d78wu7hWagwrLiJYe/zVkLwtomzAzpD6szlGQX7icICnOO:0LjSO/9d7v0W3GerPt1zy6stWcI0

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2936	java.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2936	java.exe
2936	java.exe
2936	java.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2936	java.exe
2936	java.exe
2936	java.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2936	java.exe
2936	java.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 876	1992	dids.exe	28
PID 1992 wrote to memory of 876	1992	dids.exe	28
PID 1992 wrote to memory of 876	1992	dids.exe	28
PID 1992 wrote to memory of 876	1992	dids.exe	28
PID 876 wrote to memory of 2936	876	javaw.exe	29
PID 876 wrote to memory of 2936	876	javaw.exe	29
PID 876 wrote to memory of 2936	876	javaw.exe	29
PID 876 wrote to memory of 2936	876	javaw.exe	29
PID 876 wrote to memory of 2936	876	javaw.exe	29
PID 876 wrote to memory of 2936	876	javaw.exe	29
PID 876 wrote to memory of 2936	876	javaw.exe	29

C:\Users\Admin\AppData\Local\Temp\dids.exe
"C:\Users\Admin\AppData\Local\Temp\dids.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\lib\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\lib\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\dids.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Users\Admin\AppData\Local\Temp\lib\bin\java.exe
    "lib\bin\java.exe" -jar lib\lib\dids-lib.jar
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\.dids\didsclient.conf

Filesize
58B

MD5
6858fe4fd33d38da7481b99230cf2728

SHA1
c797d5ad59050dee254956d7c10a85cd31b29f9f

SHA256
a1c3e12076d2e10056d576a5202f25416ed87fca2f939224e348d9f04954e730

SHA512
05d96b4f18228dbd2ea71c2f82a3a0bcb2919ca20dda85d558ca52184125abef2c1bb8439e85fceb2759b1de98e86d269fdff4a8b5be5c785d4acc239256eb3a

Download Submit
memory/876-5-0x0000000002630000-0x0000000002658000-memory.dmp

Filesize
160KB

Download
memory/876-8-0x0000000002668000-0x0000000002670000-memory.dmp

Filesize
32KB

Download
memory/876-12-0x0000000002678000-0x0000000002680000-memory.dmp

Filesize
32KB

Download
memory/876-24-0x0000000002660000-0x0000000002668000-memory.dmp

Filesize
32KB

Download
memory/876-23-0x00000000026A0000-0x00000000026A8000-memory.dmp

Filesize
32KB

Download
memory/876-22-0x0000000002658000-0x0000000002660000-memory.dmp

Filesize
32KB

Download
memory/876-26-0x00000000026A8000-0x00000000026B0000-memory.dmp

Filesize
32KB

Download
memory/876-27-0x0000000002670000-0x0000000002678000-memory.dmp

Filesize
32KB

Download
memory/876-31-0x00000000026B8000-0x00000000026C0000-memory.dmp

Filesize
32KB

Download
memory/876-32-0x00000000026C0000-0x00000000026C8000-memory.dmp

Filesize
32KB

Download
memory/876-35-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/876-40-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/876-50-0x00000000026C0000-0x00000000026C8000-memory.dmp

Filesize
32KB

Download
memory/876-49-0x00000000026B8000-0x00000000026C0000-memory.dmp

Filesize
32KB

Download
memory/876-48-0x0000000002670000-0x0000000002678000-memory.dmp

Filesize
32KB

Download
memory/876-47-0x00000000026A8000-0x00000000026B0000-memory.dmp

Filesize
32KB

Download
memory/876-46-0x0000000002660000-0x0000000002668000-memory.dmp

Filesize
32KB

Download
memory/876-45-0x00000000026A0000-0x00000000026A8000-memory.dmp

Filesize
32KB

Download
memory/876-44-0x0000000002658000-0x0000000002660000-memory.dmp

Filesize
32KB

Download
memory/876-43-0x0000000002678000-0x0000000002680000-memory.dmp

Filesize
32KB

Download
memory/876-42-0x0000000002668000-0x0000000002670000-memory.dmp

Filesize
32KB

Download
memory/1992-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2936-51-0x0000000002530000-0x0000000002558000-memory.dmp

Filesize
160KB

Download
memory/2936-58-0x0000000002568000-0x0000000002570000-memory.dmp

Filesize
32KB

Download
memory/2936-60-0x0000000002578000-0x0000000002580000-memory.dmp

Filesize
32KB

Download
memory/2936-70-0x00000000025A0000-0x00000000025A8000-memory.dmp

Filesize
32KB

Download
memory/2936-69-0x0000000002558000-0x0000000002560000-memory.dmp

Filesize
32KB

Download
memory/2936-71-0x0000000002560000-0x0000000002568000-memory.dmp

Filesize
32KB

Download
memory/2936-73-0x00000000025A8000-0x00000000025B0000-memory.dmp

Filesize
32KB

Download
memory/2936-81-0x0000000002570000-0x0000000002578000-memory.dmp

Filesize
32KB

Download
memory/2936-80-0x00000000025B0000-0x00000000025B8000-memory.dmp

Filesize
32KB

Download
memory/2936-82-0x00000000025B8000-0x00000000025C0000-memory.dmp

Filesize
32KB

Download
memory/2936-87-0x0000000018CC0000-0x0000000018CCA000-memory.dmp

Filesize
40KB

Download
memory/2936-86-0x0000000018CC0000-0x0000000018CCA000-memory.dmp

Filesize
40KB

Download
memory/2936-92-0x00000000025C0000-0x00000000025C8000-memory.dmp

Filesize
32KB

Download
memory/2936-94-0x00000000025C8000-0x00000000025D0000-memory.dmp

Filesize
32KB

Download
memory/2936-101-0x00000000025D0000-0x00000000025D8000-memory.dmp

Filesize
32KB

Download
memory/2936-105-0x00000000025D8000-0x00000000025E0000-memory.dmp

Filesize
32KB

Download
memory/2936-104-0x0000000002568000-0x0000000002570000-memory.dmp

Filesize
32KB

Download
memory/2936-110-0x00000000025E0000-0x00000000025E8000-memory.dmp

Filesize
32KB

Download
memory/2936-114-0x00000000025E8000-0x00000000025F0000-memory.dmp

Filesize
32KB

Download
memory/2936-113-0x00000000025A0000-0x00000000025A8000-memory.dmp

Filesize
32KB

Download
memory/2936-111-0x0000000002558000-0x0000000002560000-memory.dmp

Filesize
32KB

Download
memory/2936-115-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2936-117-0x00000000025F0000-0x00000000025F8000-memory.dmp

Filesize
32KB

Download
memory/2936-116-0x0000000002560000-0x0000000002568000-memory.dmp

Filesize
32KB

Download
memory/2936-119-0x00000000025A8000-0x00000000025B0000-memory.dmp

Filesize
32KB

Download
memory/2936-120-0x00000000025F8000-0x0000000002600000-memory.dmp

Filesize
32KB

Download
memory/2936-124-0x0000000002600000-0x0000000002608000-memory.dmp

Filesize
32KB

Download
memory/2936-123-0x0000000002570000-0x0000000002578000-memory.dmp

Filesize
32KB

Download
memory/2936-122-0x00000000025B0000-0x00000000025B8000-memory.dmp

Filesize
32KB

Download
memory/2936-126-0x00000000025B8000-0x00000000025C0000-memory.dmp

Filesize
32KB

Download
memory/2936-127-0x0000000002608000-0x0000000002610000-memory.dmp

Filesize
32KB

Download
memory/2936-132-0x0000000002610000-0x0000000002618000-memory.dmp

Filesize
32KB

Download
memory/2936-131-0x0000000018CC0000-0x0000000018CCA000-memory.dmp

Filesize
40KB

Download
memory/2936-130-0x0000000018CC0000-0x0000000018CCA000-memory.dmp

Filesize
40KB

Download
memory/2936-129-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2936-136-0x0000000002618000-0x0000000002620000-memory.dmp

Filesize
32KB

Download
memory/2936-135-0x00000000025C8000-0x00000000025D0000-memory.dmp

Filesize
32KB

Download
memory/2936-134-0x00000000025C0000-0x00000000025C8000-memory.dmp

Filesize
32KB

Download
memory/2936-139-0x0000000002620000-0x0000000002628000-memory.dmp

Filesize
32KB

Download
memory/2936-138-0x00000000025D0000-0x00000000025D8000-memory.dmp

Filesize
32KB

Download
memory/2936-145-0x0000000002630000-0x0000000002638000-memory.dmp

Filesize
32KB

Download
memory/2936-144-0x00000000025E0000-0x00000000025E8000-memory.dmp

Filesize
32KB

Download
memory/2936-142-0x0000000002628000-0x0000000002630000-memory.dmp

Filesize
32KB

Download
memory/2936-141-0x00000000025D8000-0x00000000025E0000-memory.dmp

Filesize
32KB

Download
memory/2936-149-0x0000000002638000-0x0000000002640000-memory.dmp

Filesize
32KB

Download
memory/2936-148-0x00000000025E8000-0x00000000025F0000-memory.dmp

Filesize
32KB

Download
memory/2936-153-0x0000000002640000-0x0000000002648000-memory.dmp

Filesize
32KB

Download
memory/2936-152-0x00000000025F0000-0x00000000025F8000-memory.dmp

Filesize
32KB

Download
memory/2936-156-0x0000000002648000-0x0000000002650000-memory.dmp

Filesize
32KB

Download
memory/2936-155-0x00000000025F8000-0x0000000002600000-memory.dmp

Filesize
32KB

Download
memory/2936-159-0x0000000002650000-0x0000000002658000-memory.dmp

Filesize
32KB

Download
memory/2936-158-0x0000000002600000-0x0000000002608000-memory.dmp

Filesize
32KB

Download
memory/2936-162-0x0000000002658000-0x0000000002660000-memory.dmp

Filesize
32KB

Download
memory/2936-161-0x0000000002608000-0x0000000002610000-memory.dmp

Filesize
32KB

Download
memory/2936-166-0x0000000002610000-0x0000000002618000-memory.dmp

Filesize
32KB

Download
memory/2936-167-0x0000000002660000-0x0000000002668000-memory.dmp

Filesize
32KB

Download
memory/2936-170-0x0000000002668000-0x0000000002670000-memory.dmp

Filesize
32KB

Download
memory/2936-169-0x0000000002618000-0x0000000002620000-memory.dmp

Filesize
32KB

Download
memory/2936-173-0x0000000002670000-0x0000000002678000-memory.dmp

Filesize
32KB

Download
memory/2936-172-0x0000000002620000-0x0000000002628000-memory.dmp

Filesize
32KB

Download
memory/2936-177-0x0000000002678000-0x0000000002680000-memory.dmp

Filesize
32KB

Download
memory/2936-176-0x0000000002628000-0x0000000002630000-memory.dmp

Filesize
32KB

Download
memory/2936-181-0x0000000002680000-0x0000000002688000-memory.dmp

Filesize
32KB

Download
memory/2936-180-0x0000000002630000-0x0000000002638000-memory.dmp

Filesize
32KB

Download
memory/2936-185-0x0000000002688000-0x0000000002690000-memory.dmp

Filesize
32KB

Download
memory/2936-184-0x0000000002638000-0x0000000002640000-memory.dmp

Filesize
32KB

Download
memory/2936-190-0x0000000002690000-0x0000000002698000-memory.dmp

Filesize
32KB

Download
memory/2936-189-0x0000000002640000-0x0000000002648000-memory.dmp

Filesize
32KB

Download
memory/2936-194-0x0000000002698000-0x00000000026A0000-memory.dmp

Filesize
32KB

Download
memory/2936-193-0x0000000002648000-0x0000000002650000-memory.dmp

Filesize
32KB

Download
memory/2936-198-0x00000000026A0000-0x00000000026A8000-memory.dmp

Filesize
32KB

Download
memory/2936-197-0x0000000002650000-0x0000000002658000-memory.dmp

Filesize
32KB

Download
memory/2936-202-0x00000000026A8000-0x00000000026B0000-memory.dmp

Filesize
32KB

Download
memory/2936-201-0x0000000002658000-0x0000000002660000-memory.dmp

Filesize
32KB

Download
memory/2936-207-0x00000000026B0000-0x00000000026B8000-memory.dmp

Filesize
32KB

Download
memory/2936-206-0x0000000002660000-0x0000000002668000-memory.dmp

Filesize
32KB

Download
memory/2936-214-0x0000000002580000-0x0000000002588000-memory.dmp

Filesize
32KB

Download
memory/2936-213-0x00000000026B8000-0x00000000026C0000-memory.dmp

Filesize
32KB

Download
memory/2936-212-0x0000000002668000-0x0000000002670000-memory.dmp

Filesize
32KB

Download
memory/2936-252-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download