c93f9dcb6466a734335fe3d1f7656926f24edd94e5c029d23fbb1c729ee21f2d

Analysis

max time kernel
131s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

javav1.4/YingJAD14.exe
Size

960KB
MD5

6d4f3fc273e7602ff6d298e0fcff16e6
SHA1

63fe84dfc8e86f3e46cf34577b9b511ef3f4cf0f
SHA256

08db36f7651bbfb1770cb9bfb7846cd3be0f41ef2b7cfd68cc8ed82f5ccb4ade
SHA512

db88e332f5408ddfafee87951e166dcf753077df10dbf991f0eb2c83532b900bbd527b8feb998796496c6b1e26a1067e20ca033cac6209c79e4dc25ac233111f
SSDEEP

24576:EbMbn+Tp2NkBLfqTHtvXA87i7Sr+ZxUBDee592:IhpxiTN/A8RIK2

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YingJAD14.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\IESettingSync	YingJAD14.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	YingJAD14.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	YingJAD14.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	YingJAD14.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	YingJAD14.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	YingJAD14.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\International\CpMRU	YingJAD14.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	YingJAD14.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	YingJAD14.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2920	YingJAD14.exe
2920	YingJAD14.exe
2920	YingJAD14.exe
2920	YingJAD14.exe

C:\Users\Admin\AppData\Local\Temp\javav1.4\YingJAD14.exe
"C:\Users\Admin\AppData\Local\Temp\javav1.4\YingJAD14.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~temp2024818154044764Doc.htm

Filesize
41KB

MD5
d7fd250f64a9ffbfcccb96d9e1203b7e

SHA1
c400b8c4ed1dcaef8f9bb87d5dccd2d4c490841f

SHA256
cdb18826ff4bd796f702a4f34d9754ba014dd7b3e829a138b9199fe81156bfb9

SHA512
6910e2da117ff0916cc80d5d0cdf31db01ce2d19110923b02afd3fdca66a967586785cf952028cb8382e48da3a0ee6a1f9814bb20844296169480458a0dd373e

Download Submit