Overview

overview

3

Static

static

1

CMPack_app.jar

windows7-x64

1

CMPack_app.jar

windows10-2004-x64

1

A.class

windows7-x64

3

A.class

windows10-2004-x64

3

AA.class

windows7-x64

3

AA.class

windows10-2004-x64

3

AB.class

windows7-x64

3

AB.class

windows10-2004-x64

3

AC.class

windows7-x64

3

AC.class

windows10-2004-x64

3

AD.class

windows7-x64

3

AD.class

windows10-2004-x64

3

AE.class

windows7-x64

3

AE.class

windows10-2004-x64

3

AF.class

windows7-x64

3

AF.class

windows10-2004-x64

3

AG.class

windows7-x64

3

AG.class

windows10-2004-x64

3

AH.class

windows7-x64

3

AH.class

windows10-2004-x64

3

AI.class

windows7-x64

3

AI.class

windows10-2004-x64

3

AJ.class

windows7-x64

3

AJ.class

windows10-2004-x64

3

AK.class

windows7-x64

3

AK.class

windows10-2004-x64

3

AL.class

windows7-x64

3

AL.class

windows10-2004-x64

3

AM.class

windows7-x64

3

AM.class

windows10-2004-x64

3

AN.class

windows7-x64

3

AN.class

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CMPack_app.jar

  • Size

    9.1MB

  • MD5

    a3b4380e55f259d8aac47b03e88d904c

  • SHA1

    70aa3bb17cff1064771dde9c1c11d106bbd096e8

  • SHA256

    66b13fad78119e5cfb1933fba5effb8f2dbeae76bbdf21868b5ab2167567be80

  • SHA512

    6dc824ea6e50bd271fb4ba90e9b109ebe78d99d5b3dabbfa87ac49cd8ec78a65df37c518f2412711161d0e5c1ed077db84f071e01f2f929ee2ca40ef25a68c38

  • SSDEEP

    196608:JkM5Qo8oUeQcNSqsFgLhHgKkONsgNapih9w1W+4DFBBduXvUUWjGrS:JkM5QboAquchH7XWwYrwyS

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\CMPack_app.jar
    1⤵
      PID:2396
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2124
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x4f0
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2332
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3048
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2196
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.0.1688444837\640890981" -parentBuildID 20221007134813 -prefsHandle 1268 -prefMapHandle 1260 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {766df2a5-14d6-4819-9f17-f77064b2a2cf} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 1356 109d6758 gpu
            3⤵
              PID:568
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.1.299647686\1380263097" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1516 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af6a595-58f7-41c3-b268-4df17b255eb9} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 1540 d72e58 socket
              3⤵
                PID:1960
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.2.569243121\627174157" -childID 1 -isForBrowser -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc9e0663-6bf1-4ed9-a4a7-02e283d4bd0b} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 2060 1a088e58 tab
                3⤵
                  PID:1384
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.3.1790834205\200163135" -childID 2 -isForBrowser -prefsHandle 2532 -prefMapHandle 2528 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a991337e-cf0a-4441-84c5-9afcb54aa829} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 2544 d61658 tab
                  3⤵
                    PID:2564
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.4.1534402205\1509968865" -childID 3 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94f377b0-52d0-44da-8742-8bd272772990} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 3028 1a4ebc58 tab
                    3⤵
                      PID:2044
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.5.898459446\1926686468" -childID 4 -isForBrowser -prefsHandle 3520 -prefMapHandle 3796 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2986f1cf-d5e1-4ec0-950e-0ae6f0bcf0f5} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 3820 1f163258 tab
                      3⤵
                        PID:1916
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.6.1412965542\1776832454" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00a488a9-56ae-4096-a9bd-5cd79aca34a5} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 3924 1f164a58 tab
                        3⤵
                          PID:2620
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.7.366206299\630087806" -childID 6 -isForBrowser -prefsHandle 4112 -prefMapHandle 4116 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7526ad16-065e-4218-ae7a-53eaf83859d8} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 4104 1f164158 tab
                          3⤵
                            PID:2604
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2196.8.718441293\1235012534" -childID 7 -isForBrowser -prefsHandle 4432 -prefMapHandle 4428 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa07e4e-6a03-40d3-9795-3df0de449da9} 2196 "\\.\pipe\gecko-crash-server-pipe.2196" 4444 2286c258 tab
                            3⤵
                              PID:1956

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          26KB

                          MD5

                          93ef56f3053dcaea255556650d492cf4

                          SHA1

                          33d747c1fe80c9c7070bdab8a06cdcad977286a4

                          SHA256

                          b342696b25ff9958d07d0a3ac23f184fd06c302b836a8730054bbda47190123e

                          SHA512

                          003a2e9e7c14e7eda93ba450a19bc3f7a368d6fb6d31937d1c26bb6037eb09a9fa32ffa0e3d4e7308ef322c3b11d6e520b9bb218f9e763f286a5b1e8e7ec24b0

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          26KB

                          MD5

                          f97cbdc0a1fb05136904b86ea9f0b60c

                          SHA1

                          0ef6a256d04d4ebfea29f57f3a18cc50a4a4e27a

                          SHA256

                          1dc1ed7e8db0b453c6f1c42850b46852112ba7a5c1297a9ff5f84167d596071b

                          SHA512

                          bd6f7ba91407a3be5a8ddf35581ddbc73c19260c515feb0412aa496ef00112f2fe25522864f84cbe891686d480bb9b06cdb79348e032ce8a63670961784a11d3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          640923a9624adf1ece89d6a65146a781

                          SHA1

                          e0d1af680dc8e69948f2b1cf9924a0e4d9301b5a

                          SHA256

                          f34474379aedfd5a8ed73d143819a677b226e7a3cd12d0163cadc90d308f03fa

                          SHA512

                          057f250e4455bcf192e127a71c76f2137cb7d071afd7c4b5650e509129a6092bb62514292ac677b85efae03ff3a6981f7c8c8fe43e007e0147a2826ea720b819

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\8ed27447-5a4e-448b-bf50-eb624e4bf6f2
                          Filesize

                          10KB

                          MD5

                          b879023d95da5453b9263a9d8d12fc57

                          SHA1

                          2834287a5d590b5407da1a549c4776d6bb56173b

                          SHA256

                          96c91ae05658d100e40e9c0c9170cdd2842c027d99daae546936ae22e469c39c

                          SHA512

                          cdcf15bd7728dd179a7e2972cb9957d9135a1b2db56871f2ad6438058160d26a97dae89c2ddd4b74a507946ae4ebc1d5c709b0f27cb2a126b60fe61f11781e75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\c5754a57-4fff-4461-8cbb-67c8b5f2bf9f
                          Filesize

                          745B

                          MD5

                          bd9698592c165f8bebde6ccfaf374048

                          SHA1

                          abd6b95fb9e6e2617fcb65d60ff4d1a85ac67bc6

                          SHA256

                          28395e9a2aabeb9ba63a741d4ec4ada5e3505ca50313f754285266cabbfc0868

                          SHA512

                          129105eca64b63c418c3ee01bc408e548c610c29f59e797e93cb34407925401269a2752f5acdafdb74b93a946025f7058d4b86583ac2cc55d62b81fa606a57d1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          ce9b93ad094c0ac1370e0b6e202fbb56

                          SHA1

                          a053f62af19635ad629b16a0f9c70a28de163591

                          SHA256

                          0b80fe013597dc59419401b11e6b66cf62265c9d6838b7440b40347be88e3706

                          SHA512

                          f089763c6f5a4165fd11c1986e2a2a74021d2dcaeb98753d41e92f4278c3b2ed0f9eba838f539c688ff81e0f46cbc9eb91d0350f3c8f411b1fb9983f7a6da8ff

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          4b4eab5218aa2207ae63f850ace86178

                          SHA1

                          3ceb1140354233960d32f5be4ea4f79c607400f3

                          SHA256

                          a3717cfa6f6bbe6b511e34f639a2fd537479a2c333ae53c461c0a74c10bce3ee

                          SHA512

                          3cc12d0b654221a4cd82bac8f0e0c11ab37b721f51674d884ada205d229f84db15256e6bb8114f1e33ac8bd504b317a99ff0e89847149eb95f75d28f2c26f2f9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          ef2a5de816009d8053b519c1adb07239

                          SHA1

                          7abfba6d7a9ab13f2aaa92ae0743a389485882ee

                          SHA256

                          37ea9fb0ad9fa9ddccdc8e2873411712d67125acaeb9fc8b920eb3ce3be639b5

                          SHA512

                          239128e44e5d1f80fac238b9674d7281bd208c97c0c8ec67ea009edb9b8bf743f582680dac091ca52f86d404e660dc3ad5a22541b7cb84e3a02cd55dc88117b1

                          Download Submit