c06b7bae0279b2f76f50724c18f6744d4190bbd1f51de28ec865ea19e57bbebc

Analysis

max time kernel
146s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Marfrig/Centaurus_V2-55-0_ParshallDisplay.jar
Size

2.6MB
MD5

b53d869bc34f8f35c6c43f260d1e47bf
SHA1

8be010645d2f1e2081689f464c4737a1b9991bb5
SHA256

9eb31561a555f7f727df1c42a68d1e1804c59062fdded01cc586320c8a490552
SHA512

2416d7cbf5e8230f432b5e0bd8ac5e277806faa35d165415b74269a51109a6191e865993c72685e25f30860136d7344a5f9a649e682925042376b9d59fe3baeb
SSDEEP

49152:hnY4kAoFG3s+mpUOIRelwM6vMwAoGnQMWQyqjj/BU1U62j69ewJVg2hJyCX0ydaZ:hYtfFG9mp29vLAoGnFZn964aVfhJWyIb

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3440	java.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\rxtxSerial.dll	java.exe
File created	C:\Windows\system32\rxtxParallel.dll	java.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	java.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	java.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3440	java.exe
3440	java.exe
3440	java.exe
3440	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3724	3440	java.exe	86
PID 3440 wrote to memory of 3724	3440	java.exe	86

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3724	ATTRIB.EXE

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Marfrig\Centaurus_V2-55-0_ParshallDisplay.jar
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SYSTEM32\ATTRIB.EXE
  ATTRIB.EXE +H casasDecimais.properties
  2⤵
  - Views/modifies file attributes
  PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Marfrig\casasDecimais.properties

Filesize
69B

MD5
b4fbddc23a294b3075f8ead643a3c3bf

SHA1
99900056bc3349d2b58c22bc8fddd446d755bfad

SHA256
6c2ecd0ddbbca24829a91688d716de85edb6e954d2c7761674bcb0b2635f2fe7

SHA512
1f9fd62344526e8fd29021b25d2249f2eef3199faffa60a52a6df5d1eb79fcb5065e9451bb7920b236ef61e732bf357aa68796d84fb0dee81801be48821f61f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jar_cache2481113920435358276.tmp

Filesize
80KB

MD5
3abdae97fd4ea7b3094e6705311afb70

SHA1
466b45e19109cdee04fb5df6a9f431ac061fbccb

SHA256
1b28d56df723221124f05384ea146e5a8b61f58656e60a35851eed35fabfb221

SHA512
31294f257f7894e7c1b14dcfaf001c4f98147bcd70d2ae6b7af1b0a4ab28c6ba2f13136c456d67c79455edc59bf507c33fa1ffaf2fe49605ad9d05c006661dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\jar_cache6893237383355939009.tmp

Filesize
87KB

MD5
ab9dace5c381013951a6036e74bbd28d

SHA1
39a722f6ff96e8c9c0a11629b16e51bafcdc4b75

SHA256
f91e89a2b4fd70f081442d13f1e0e6541801edcf6ccf3afc7f0993175b0765b1

SHA512
70756acf23f21d68850c46d0c7762c41b4cd99bf9d4a43467800676df51ca9d3984bd1d7a15a97b872eed4b00fd506dd4281cdb2fb583e4867a3354b6b08a996

Download Submit
C:\Users\Admin\AppData\Local\Temp\jar_cache7832921808489409130.tmp

Filesize
58KB

MD5
f94e90a2030310fc882f814b8f7eccc6

SHA1
e96c946be1e6537378fd532d2742b523df2725a4

SHA256
80c06c307be9c54ecf02cf10db921f42f1809087e85f2f1f772a80b282f326cc

SHA512
faeb9c58c1918291a9ff2622cabd5b661afce14fe254546d8ae8b7165fcec7ef6b4973ea850b5451610be03d5c83e4af0275420439470daf5ce1394e9575fd4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jar_cache9174185408122466998.tmp

Filesize
365KB

MD5
4b7e2e73a0837da83627fa091062f7e5

SHA1
12478227145c02f02e897c3bc7fdcd6988db88ab

SHA256
ccb92be49654f18a88f815271f1b4c9b3b8e25b09e3595df806ce2c6a762e54d

SHA512
a3d4b3e98e9e0cd854a0d2b38f1650b51037ad05a09277d0dd7a99af2f0cac4a62231475861bcd95278628ca65cdac99fdf5a38976ac760f85cf6d31ea965563

Download Submit
C:\Windows\System32\rxtxSerial.dll

Filesize
126KB

MD5
69cc163bd480321c66a988c0a8fdae84

SHA1
5581fe684291b9af2a4dd282d27009fe7e1f2855

SHA256
993beae12d71ddab9e5d0139131a562dfb3a560044886e677e332ed56574d1d3

SHA512
4878cb7b024797e1aefd259a5c2280b334a6b354462844eab0d70099766e5375b0b937138f2e5c57daa56a3dde94f297fb8ff678cd2bdf19c5bbfa657e823f83

Download Submit
memory/3440-2-0x000001F180000000-0x000001F180270000-memory.dmp

Filesize
2.4MB

Download
memory/3440-53-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-247-0x000001F180270000-0x000001F180280000-memory.dmp

Filesize
64KB

Download
memory/3440-249-0x000001F180280000-0x000001F180290000-memory.dmp

Filesize
64KB

Download
memory/3440-272-0x000001F180290000-0x000001F1802A0000-memory.dmp

Filesize
64KB

Download
memory/3440-277-0x000001F1802A0000-0x000001F1802B0000-memory.dmp

Filesize
64KB

Download
memory/3440-287-0x000001F1802C0000-0x000001F1802D0000-memory.dmp

Filesize
64KB

Download
memory/3440-288-0x000001F1802B0000-0x000001F1802C0000-memory.dmp

Filesize
64KB

Download
memory/3440-290-0x000001F1802D0000-0x000001F1802E0000-memory.dmp

Filesize
64KB

Download
memory/3440-294-0x000001F1802E0000-0x000001F1802F0000-memory.dmp

Filesize
64KB

Download
memory/3440-292-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-298-0x000001F1802F0000-0x000001F180300000-memory.dmp

Filesize
64KB

Download
memory/3440-303-0x000001F180300000-0x000001F180310000-memory.dmp

Filesize
64KB

Download
memory/3440-302-0x000001F180000000-0x000001F180270000-memory.dmp

Filesize
2.4MB

Download
memory/3440-307-0x000001F180270000-0x000001F180280000-memory.dmp

Filesize
64KB

Download
memory/3440-310-0x000001F180330000-0x000001F180340000-memory.dmp

Filesize
64KB

Download
memory/3440-309-0x000001F180320000-0x000001F180330000-memory.dmp

Filesize
64KB

Download
memory/3440-308-0x000001F180310000-0x000001F180320000-memory.dmp

Filesize
64KB

Download
memory/3440-313-0x000001F180340000-0x000001F180350000-memory.dmp

Filesize
64KB

Download
memory/3440-312-0x000001F180280000-0x000001F180290000-memory.dmp

Filesize
64KB

Download
memory/3440-323-0x000001F180350000-0x000001F180360000-memory.dmp

Filesize
64KB

Download
memory/3440-322-0x000001F180290000-0x000001F1802A0000-memory.dmp

Filesize
64KB

Download
memory/3440-325-0x000001F180360000-0x000001F180370000-memory.dmp

Filesize
64KB

Download
memory/3440-324-0x000001F1802A0000-0x000001F1802B0000-memory.dmp

Filesize
64KB

Download
memory/3440-329-0x000001F180370000-0x000001F180380000-memory.dmp

Filesize
64KB

Download
memory/3440-328-0x000001F1802C0000-0x000001F1802D0000-memory.dmp

Filesize
64KB

Download
memory/3440-332-0x000001F180380000-0x000001F180390000-memory.dmp

Filesize
64KB

Download
memory/3440-333-0x000001F180390000-0x000001F1803A0000-memory.dmp

Filesize
64KB

Download
memory/3440-331-0x000001F1802B0000-0x000001F1802C0000-memory.dmp

Filesize
64KB

Download
memory/3440-336-0x000001F1802D0000-0x000001F1802E0000-memory.dmp

Filesize
64KB

Download
memory/3440-337-0x000001F1803A0000-0x000001F1803B0000-memory.dmp

Filesize
64KB

Download
memory/3440-340-0x000001F1803B0000-0x000001F1803C0000-memory.dmp

Filesize
64KB

Download
memory/3440-339-0x000001F1802E0000-0x000001F1802F0000-memory.dmp

Filesize
64KB

Download
memory/3440-342-0x000001F1803C0000-0x000001F1803D0000-memory.dmp

Filesize
64KB

Download
memory/3440-341-0x000001F1802F0000-0x000001F180300000-memory.dmp

Filesize
64KB

Download
memory/3440-348-0x000001F1803E0000-0x000001F1803F0000-memory.dmp

Filesize
64KB

Download
memory/3440-347-0x000001F1803D0000-0x000001F1803E0000-memory.dmp

Filesize
64KB

Download
memory/3440-346-0x000001F180300000-0x000001F180310000-memory.dmp

Filesize
64KB

Download
memory/3440-350-0x000001F180320000-0x000001F180330000-memory.dmp

Filesize
64KB

Download
memory/3440-353-0x000001F1803F0000-0x000001F180400000-memory.dmp

Filesize
64KB

Download
memory/3440-352-0x000001F180330000-0x000001F180340000-memory.dmp

Filesize
64KB

Download
memory/3440-349-0x000001F180310000-0x000001F180320000-memory.dmp

Filesize
64KB

Download
memory/3440-355-0x000001F180340000-0x000001F180350000-memory.dmp

Filesize
64KB

Download
memory/3440-356-0x000001F180400000-0x000001F180410000-memory.dmp

Filesize
64KB

Download
memory/3440-359-0x000001F180410000-0x000001F180420000-memory.dmp

Filesize
64KB

Download
memory/3440-358-0x000001F180350000-0x000001F180360000-memory.dmp

Filesize
64KB

Download
memory/3440-362-0x000001F180420000-0x000001F180430000-memory.dmp

Filesize
64KB

Download
memory/3440-361-0x000001F180360000-0x000001F180370000-memory.dmp

Filesize
64KB

Download
memory/3440-364-0x000001F180370000-0x000001F180380000-memory.dmp

Filesize
64KB

Download
memory/3440-365-0x000001F180430000-0x000001F180440000-memory.dmp

Filesize
64KB

Download
memory/3440-367-0x000001F180380000-0x000001F180390000-memory.dmp

Filesize
64KB

Download
memory/3440-369-0x000001F180440000-0x000001F180450000-memory.dmp

Filesize
64KB

Download
memory/3440-368-0x000001F180390000-0x000001F1803A0000-memory.dmp

Filesize
64KB

Download
memory/3440-371-0x000001F1803A0000-0x000001F1803B0000-memory.dmp

Filesize
64KB

Download
memory/3440-372-0x000001F180450000-0x000001F180460000-memory.dmp

Filesize
64KB

Download
memory/3440-389-0x000001F180460000-0x000001F180470000-memory.dmp

Filesize
64KB

Download
memory/3440-388-0x000001F1803B0000-0x000001F1803C0000-memory.dmp

Filesize
64KB

Download
memory/3440-396-0x000001F180480000-0x000001F180490000-memory.dmp

Filesize
64KB

Download
memory/3440-400-0x000001F180490000-0x000001F1804A0000-memory.dmp

Filesize
64KB

Download
memory/3440-399-0x000001F1803E0000-0x000001F1803F0000-memory.dmp

Filesize
64KB

Download
memory/3440-398-0x000001F1803D0000-0x000001F1803E0000-memory.dmp

Filesize
64KB

Download
memory/3440-395-0x000001F180470000-0x000001F180480000-memory.dmp

Filesize
64KB

Download
memory/3440-392-0x000001F1803C0000-0x000001F1803D0000-memory.dmp

Filesize
64KB

Download
memory/3440-406-0x000001F1804B0000-0x000001F1804C0000-memory.dmp

Filesize
64KB

Download
memory/3440-405-0x000001F1804A0000-0x000001F1804B0000-memory.dmp

Filesize
64KB

Download
memory/3440-404-0x000001F1803F0000-0x000001F180400000-memory.dmp

Filesize
64KB

Download
memory/3440-424-0x000001F180410000-0x000001F180420000-memory.dmp

Filesize
64KB

Download
memory/3440-423-0x000001F1804E0000-0x000001F1804F0000-memory.dmp

Filesize
64KB

Download
memory/3440-422-0x000001F1804C0000-0x000001F1804D0000-memory.dmp

Filesize
64KB

Download
memory/3440-425-0x000001F1804D0000-0x000001F1804E0000-memory.dmp

Filesize
64KB

Download
memory/3440-429-0x000001F1804F0000-0x000001F180500000-memory.dmp

Filesize
64KB

Download
memory/3440-434-0x000001F180510000-0x000001F180520000-memory.dmp

Filesize
64KB

Download
memory/3440-433-0x000001F180430000-0x000001F180440000-memory.dmp

Filesize
64KB

Download
memory/3440-432-0x000001F180500000-0x000001F180510000-memory.dmp

Filesize
64KB

Download
memory/3440-428-0x000001F180420000-0x000001F180430000-memory.dmp

Filesize
64KB

Download
memory/3440-414-0x000001F180400000-0x000001F180410000-memory.dmp

Filesize
64KB

Download
memory/3440-439-0x000001F180520000-0x000001F180530000-memory.dmp

Filesize
64KB

Download
memory/3440-438-0x000001F180440000-0x000001F180450000-memory.dmp

Filesize
64KB

Download
memory/3440-449-0x000001F180530000-0x000001F180540000-memory.dmp

Filesize
64KB

Download
memory/3440-445-0x000001F180450000-0x000001F180460000-memory.dmp

Filesize
64KB

Download
memory/3440-463-0x000001F180460000-0x000001F180470000-memory.dmp

Filesize
64KB

Download
memory/3440-464-0x000001F180540000-0x000001F180550000-memory.dmp

Filesize
64KB

Download
memory/3440-465-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-469-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-481-0x000001F180490000-0x000001F1804A0000-memory.dmp

Filesize
64KB

Download
memory/3440-474-0x000001F180570000-0x000001F180580000-memory.dmp

Filesize
64KB

Download
memory/3440-512-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-511-0x000001F1805E0000-0x000001F1805F0000-memory.dmp

Filesize
64KB

Download
memory/3440-510-0x000001F1805D0000-0x000001F1805E0000-memory.dmp

Filesize
64KB

Download
memory/3440-509-0x000001F1804C0000-0x000001F1804D0000-memory.dmp

Filesize
64KB

Download
memory/3440-508-0x000001F1804B0000-0x000001F1804C0000-memory.dmp

Filesize
64KB

Download
memory/3440-507-0x000001F1804A0000-0x000001F1804B0000-memory.dmp

Filesize
64KB

Download
memory/3440-490-0x000001F1805C0000-0x000001F1805D0000-memory.dmp

Filesize
64KB

Download
memory/3440-489-0x000001F1805B0000-0x000001F1805C0000-memory.dmp

Filesize
64KB

Download
memory/3440-488-0x000001F1805A0000-0x000001F1805B0000-memory.dmp

Filesize
64KB

Download
memory/3440-485-0x000001F180590000-0x000001F1805A0000-memory.dmp

Filesize
64KB

Download
memory/3440-482-0x000001F180580000-0x000001F180590000-memory.dmp

Filesize
64KB

Download
memory/3440-473-0x000001F180560000-0x000001F180570000-memory.dmp

Filesize
64KB

Download
memory/3440-472-0x000001F180550000-0x000001F180560000-memory.dmp

Filesize
64KB

Download
memory/3440-471-0x000001F180480000-0x000001F180490000-memory.dmp

Filesize
64KB

Download
memory/3440-470-0x000001F180470000-0x000001F180480000-memory.dmp

Filesize
64KB

Download
memory/3440-587-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-634-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-644-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-646-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-668-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download
memory/3440-683-0x000001F1F1EB0000-0x000001F1F1EB1000-memory.dmp

Filesize
4KB

Download