4c96111aaddafa203db267464ab4028614702e90b949dbdd263d7ffeafc8b88a

Analysis

max time kernel
34s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RuneWild.jar
Size

36KB
MD5

d9bee69eac95eea0950c589fd53a7dd2
SHA1

e6921aadf923c57e2f49855ec544c1dbcf009406
SHA256

4c96111aaddafa203db267464ab4028614702e90b949dbdd263d7ffeafc8b88a
SHA512

f8e13cfc95444592dd50e2c45bac0671bb8075b6897627159a3d5db70169cb90eca43b1f70332e41f2c6573ae8ce131b5b02a98814de759a9ba2859be6c4b80e
SSDEEP

768:cmewJj+SRi4rI8p0GlgDx2Nv5hakj1qwmc8sg8IbRRLuf:cmfF+SRi4rVp7msbhrl8sgBaf

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4248	java.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4248	java.exe
4248	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 3504	4248	java.exe	96
PID 4248 wrote to memory of 3504	4248	java.exe	96
PID 4248 wrote to memory of 4772	4248	java.exe	97
PID 4248 wrote to memory of 4772	4248	java.exe	97
PID 4248 wrote to memory of 3444	4248	java.exe	100
PID 4248 wrote to memory of 3444	4248	java.exe	100
PID 3444 wrote to memory of 4888	3444	cmd.exe	102
PID 3444 wrote to memory of 4888	3444	cmd.exe	102

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3504	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\RuneWild.jar
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users/Public/AppData/windll32.dat
  2⤵
  - Views/modifies file attributes
  PID:3504
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C "echo %TEMP%"
  2⤵
  PID:4772
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\jwmi.vbs
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3444
- - C:\Windows\system32\cscript.exe
    cscript.exe C:\Users\Admin\AppData\Local\Temp\jwmi.vbs
    3⤵
    PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jwmi.vbs

Filesize
262B

MD5
64c852efe3c2fa37a11e0827735ae4d9

SHA1
cd2d9e1fb984fabdfae6e3836d627291212654a5

SHA256
3b06ac6711e4b9192bf810b2ab9e63aaabfa9e1768adeab10a2ac09630fef7d2

SHA512
c7e1ea21de70920ae98062aab25ffd8dc14768697911defe9e71541795ded8c27d44f8f5dec9aadf0d4e4ffdcb1b37a792cecc9a2a203f62db54fa4098fd6653

Download Submit
C:\Users\Admin\runewild\cache\main_file_cache.idx6

Filesize
33KB

MD5
6772e8b166185d68aad224c4277988b6

SHA1
d7cc902f6732dfe83c553d684c221054c3fb3e29

SHA256
7d8371a7e313de34a0b3118bafb5627ab65fbea0c736a2773bd4ed1e6584611e

SHA512
8cc591a45385284c48b75c4a40f1e9ee98d80f2346a831155eecc981e45733e3cb9e44308fae343367df437fd137b837049f7e2ad4cd2cf34df14a390bbb636f

Download Submit
C:\Users\Admin\runewild\personal.dat

Filesize
545B

MD5
fcb2db03753017184a29d5ed0bcb3125

SHA1
3b1c07d08504bc2b4b95119ff8247f511b512476

SHA256
0b20b47450f881902be98833bc9f61a974acf7b9c5cfab14b66e5610ea3d1db5

SHA512
8ee07688d1d789cfb8271fe8b2ee4cfa8f504d774d32d3b30df92656e316fb0ef5d6b0c17411548daba266323b327fbfc6b8f1df3254af6ade3754d8fe133e8e

Download Submit
C:\Users\Public\AppData\windll32.dat

Filesize
36B

MD5
d955e6ec2529f50711b6f12b20433270

SHA1
37b5d1e0d13e80ace67904cac6a8d00f488425ac

SHA256
6ec9eb10d2ea6d31d0974d8d25b2abbb7789b06e0f412830d3e16eba5a2f001f

SHA512
1691397421ae42ff2f6602ade532610374ee0999e5953817017c235dac478bfaaa4874356a77c997fa1a1bb3082b88dbb525e8ac7ed5f239718aeb79ec9c8217

Download Submit
memory/4248-2-0x000002411A620000-0x000002411A890000-memory.dmp

Filesize
2.4MB

Download
memory/4248-18-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-22-0x000002411A890000-0x000002411A8A0000-memory.dmp

Filesize
64KB

Download
memory/4248-25-0x000002411A8A0000-0x000002411A8B0000-memory.dmp

Filesize
64KB

Download
memory/4248-27-0x000002411A8B0000-0x000002411A8C0000-memory.dmp

Filesize
64KB

Download
memory/4248-30-0x000002411A8D0000-0x000002411A8E0000-memory.dmp

Filesize
64KB

Download
memory/4248-29-0x000002411A8C0000-0x000002411A8D0000-memory.dmp

Filesize
64KB

Download
memory/4248-32-0x000002411A8E0000-0x000002411A8F0000-memory.dmp

Filesize
64KB

Download
memory/4248-35-0x000002411A8F0000-0x000002411A900000-memory.dmp

Filesize
64KB

Download
memory/4248-36-0x000002411A900000-0x000002411A910000-memory.dmp

Filesize
64KB

Download
memory/4248-39-0x000002411A910000-0x000002411A920000-memory.dmp

Filesize
64KB

Download
memory/4248-40-0x000002411A920000-0x000002411A930000-memory.dmp

Filesize
64KB

Download
memory/4248-44-0x000002411A620000-0x000002411A890000-memory.dmp

Filesize
2.4MB

Download
memory/4248-48-0x000002411A940000-0x000002411A950000-memory.dmp

Filesize
64KB

Download
memory/4248-47-0x000002411A950000-0x000002411A960000-memory.dmp

Filesize
64KB

Download
memory/4248-46-0x000002411A930000-0x000002411A940000-memory.dmp

Filesize
64KB

Download
memory/4248-45-0x000002411A890000-0x000002411A8A0000-memory.dmp

Filesize
64KB

Download
memory/4248-51-0x000002411A960000-0x000002411A970000-memory.dmp

Filesize
64KB

Download
memory/4248-50-0x000002411A8A0000-0x000002411A8B0000-memory.dmp

Filesize
64KB

Download
memory/4248-57-0x000002411A980000-0x000002411A990000-memory.dmp

Filesize
64KB

Download
memory/4248-56-0x000002411A970000-0x000002411A980000-memory.dmp

Filesize
64KB

Download
memory/4248-55-0x000002411A8B0000-0x000002411A8C0000-memory.dmp

Filesize
64KB

Download
memory/4248-60-0x000002411A8D0000-0x000002411A8E0000-memory.dmp

Filesize
64KB

Download
memory/4248-61-0x000002411A990000-0x000002411A9A0000-memory.dmp

Filesize
64KB

Download
memory/4248-59-0x000002411A8C0000-0x000002411A8D0000-memory.dmp

Filesize
64KB

Download
memory/4248-64-0x000002411A9A0000-0x000002411A9B0000-memory.dmp

Filesize
64KB

Download
memory/4248-63-0x000002411A8E0000-0x000002411A8F0000-memory.dmp

Filesize
64KB

Download
memory/4248-69-0x000002411A9B0000-0x000002411A9C0000-memory.dmp

Filesize
64KB

Download
memory/4248-68-0x000002411A8F0000-0x000002411A900000-memory.dmp

Filesize
64KB

Download
memory/4248-75-0x000002411A9C0000-0x000002411A9D0000-memory.dmp

Filesize
64KB

Download
memory/4248-74-0x000002411A900000-0x000002411A910000-memory.dmp

Filesize
64KB

Download
memory/4248-79-0x000002411A9D0000-0x000002411A9E0000-memory.dmp

Filesize
64KB

Download
memory/4248-78-0x000002411A910000-0x000002411A920000-memory.dmp

Filesize
64KB

Download
memory/4248-82-0x000002411A9E0000-0x000002411A9F0000-memory.dmp

Filesize
64KB

Download
memory/4248-81-0x000002411A920000-0x000002411A930000-memory.dmp

Filesize
64KB

Download
memory/4248-84-0x000002411A950000-0x000002411A960000-memory.dmp

Filesize
64KB

Download
memory/4248-85-0x000002411A9F0000-0x000002411AA00000-memory.dmp

Filesize
64KB

Download
memory/4248-83-0x000002411A930000-0x000002411A940000-memory.dmp

Filesize
64KB

Download
memory/4248-88-0x000002411A940000-0x000002411A950000-memory.dmp

Filesize
64KB

Download
memory/4248-90-0x000002411AA10000-0x000002411AA20000-memory.dmp

Filesize
64KB

Download
memory/4248-89-0x000002411AA00000-0x000002411AA10000-memory.dmp

Filesize
64KB

Download
memory/4248-93-0x000002411A960000-0x000002411A970000-memory.dmp

Filesize
64KB

Download
memory/4248-94-0x000002411AA20000-0x000002411AA30000-memory.dmp

Filesize
64KB

Download
memory/4248-96-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-99-0x000002411A970000-0x000002411A980000-memory.dmp

Filesize
64KB

Download
memory/4248-100-0x000002411A980000-0x000002411A990000-memory.dmp

Filesize
64KB

Download
memory/4248-101-0x000002411AA30000-0x000002411AA40000-memory.dmp

Filesize
64KB

Download
memory/4248-103-0x000002411A990000-0x000002411A9A0000-memory.dmp

Filesize
64KB

Download
memory/4248-104-0x000002411AA40000-0x000002411AA50000-memory.dmp

Filesize
64KB

Download
memory/4248-107-0x000002411A9A0000-0x000002411A9B0000-memory.dmp

Filesize
64KB

Download
memory/4248-109-0x000002411AA60000-0x000002411AA70000-memory.dmp

Filesize
64KB

Download
memory/4248-108-0x000002411AA50000-0x000002411AA60000-memory.dmp

Filesize
64KB

Download
memory/4248-113-0x000002411AA70000-0x000002411AA80000-memory.dmp

Filesize
64KB

Download
memory/4248-112-0x000002411A9B0000-0x000002411A9C0000-memory.dmp

Filesize
64KB

Download
memory/4248-116-0x000002411AA80000-0x000002411AA90000-memory.dmp

Filesize
64KB

Download
memory/4248-115-0x000002411A9C0000-0x000002411A9D0000-memory.dmp

Filesize
64KB

Download
memory/4248-120-0x000002411AA90000-0x000002411AAA0000-memory.dmp

Filesize
64KB

Download
memory/4248-119-0x000002411A9D0000-0x000002411A9E0000-memory.dmp

Filesize
64KB

Download
memory/4248-125-0x000002411AAB0000-0x000002411AAC0000-memory.dmp

Filesize
64KB

Download
memory/4248-124-0x000002411AAA0000-0x000002411AAB0000-memory.dmp

Filesize
64KB

Download
memory/4248-123-0x000002411A9E0000-0x000002411A9F0000-memory.dmp

Filesize
64KB

Download
memory/4248-129-0x000002411AAC0000-0x000002411AAD0000-memory.dmp

Filesize
64KB

Download
memory/4248-128-0x000002411A9F0000-0x000002411AA00000-memory.dmp

Filesize
64KB

Download
memory/4248-133-0x000002411AA10000-0x000002411AA20000-memory.dmp

Filesize
64KB

Download
memory/4248-134-0x000002411AAD0000-0x000002411AAE0000-memory.dmp

Filesize
64KB

Download
memory/4248-132-0x000002411AA00000-0x000002411AA10000-memory.dmp

Filesize
64KB

Download
memory/4248-146-0x000002411AB10000-0x000002411AB20000-memory.dmp

Filesize
64KB

Download
memory/4248-147-0x000002411AB20000-0x000002411AB30000-memory.dmp

Filesize
64KB

Download
memory/4248-149-0x000002411AB30000-0x000002411AB40000-memory.dmp

Filesize
64KB

Download
memory/4248-148-0x000002411AA30000-0x000002411AA40000-memory.dmp

Filesize
64KB

Download
memory/4248-145-0x000002411AB00000-0x000002411AB10000-memory.dmp

Filesize
64KB

Download
memory/4248-144-0x000002411AAF0000-0x000002411AB00000-memory.dmp

Filesize
64KB

Download
memory/4248-141-0x000002411AA20000-0x000002411AA30000-memory.dmp

Filesize
64KB

Download
memory/4248-143-0x000002411AAE0000-0x000002411AAF0000-memory.dmp

Filesize
64KB

Download
memory/4248-151-0x000002411AA40000-0x000002411AA50000-memory.dmp

Filesize
64KB

Download
memory/4248-152-0x000002411AB40000-0x000002411AB50000-memory.dmp

Filesize
64KB

Download
memory/4248-155-0x000002411AA60000-0x000002411AA70000-memory.dmp

Filesize
64KB

Download
memory/4248-154-0x000002411AA50000-0x000002411AA60000-memory.dmp

Filesize
64KB

Download
memory/4248-156-0x000002411AB50000-0x000002411AB60000-memory.dmp

Filesize
64KB

Download
memory/4248-159-0x000002411AB60000-0x000002411AB70000-memory.dmp

Filesize
64KB

Download
memory/4248-158-0x000002411AA70000-0x000002411AA80000-memory.dmp

Filesize
64KB

Download
memory/4248-163-0x000002411AB70000-0x000002411AB80000-memory.dmp

Filesize
64KB

Download
memory/4248-162-0x000002411AA80000-0x000002411AA90000-memory.dmp

Filesize
64KB

Download
memory/4248-164-0x000002411AA90000-0x000002411AAA0000-memory.dmp

Filesize
64KB

Download
memory/4248-165-0x000002411AB80000-0x000002411AB90000-memory.dmp

Filesize
64KB

Download
memory/4248-169-0x000002411AB90000-0x000002411ABA0000-memory.dmp

Filesize
64KB

Download
memory/4248-168-0x000002411AAB0000-0x000002411AAC0000-memory.dmp

Filesize
64KB

Download
memory/4248-167-0x000002411AAA0000-0x000002411AAB0000-memory.dmp

Filesize
64KB

Download
memory/4248-175-0x000002411ABA0000-0x000002411ABB0000-memory.dmp

Filesize
64KB

Download
memory/4248-174-0x000002411AAC0000-0x000002411AAD0000-memory.dmp

Filesize
64KB

Download
memory/4248-180-0x000002411ABC0000-0x000002411ABD0000-memory.dmp

Filesize
64KB

Download
memory/4248-179-0x000002411ABB0000-0x000002411ABC0000-memory.dmp

Filesize
64KB

Download
memory/4248-178-0x000002411AAD0000-0x000002411AAE0000-memory.dmp

Filesize
64KB

Download
memory/4248-182-0x000002411AAE0000-0x000002411AAF0000-memory.dmp

Filesize
64KB

Download
memory/4248-183-0x000002411AAF0000-0x000002411AB00000-memory.dmp

Filesize
64KB

Download
memory/4248-184-0x000002411AB10000-0x000002411AB20000-memory.dmp

Filesize
64KB

Download
memory/4248-186-0x000002411ABD0000-0x000002411ABE0000-memory.dmp

Filesize
64KB

Download
memory/4248-185-0x000002411AB20000-0x000002411AB30000-memory.dmp

Filesize
64KB

Download
memory/4248-197-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-198-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-232-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-237-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-259-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-266-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-298-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-299-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-305-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-306-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-310-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-317-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-322-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-325-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-327-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download
memory/4248-335-0x0000024118D70000-0x0000024118D71000-memory.dmp

Filesize
4KB

Download