46c46e45d2ccd2c2660cd01c0e8350b33f44c45241125b00bd6b78e0ba7a9142

Resubmissions

21/08/2024, 22:27

21/08/2024, 22:25

max time kernel
19s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
21/08/2024, 22:25

Target

Fire-Editor-Awakening.jar
Size

15.4MB
MD5

134a6d900c78e7432767cb9c5bd3c09a
SHA1

0d7150540853c9e22fd3c66981a7d882ee7966f2
SHA256

46c46e45d2ccd2c2660cd01c0e8350b33f44c45241125b00bd6b78e0ba7a9142
SHA512

e68f90fe29a3bf774354f6e687dea8ef1bcbc4d86acc1080a6b099a0acfbb97cb6433bcdcca7871133f748da66bd99c1d75997c153921cb838c64bbd84859069
SSDEEP

393216:ONrH4fHtQIrs/qc8ze4lUjMKG6lW0F3ka5n/MfSn9i0KcGj:O5we7/q8R/+GVHGj

Score

5^/10

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
736	mspaint.exe
736	mspaint.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
736	mspaint.exe
660	OpenWith.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Fire-Editor-Awakening.jar
1⤵
PID:3160

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:2588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:660

memory/2588-14-0x0000021E18530000-0x0000021E18540000-memory.dmp

Filesize
64KB

Download
memory/2588-18-0x0000021E18570000-0x0000021E18580000-memory.dmp

Filesize
64KB

Download
memory/2588-25-0x0000021E211C0000-0x0000021E211C1000-memory.dmp

Filesize
4KB

Download
memory/2588-27-0x0000021E21240000-0x0000021E21241000-memory.dmp

Filesize
4KB

Download
memory/2588-29-0x0000021E21240000-0x0000021E21241000-memory.dmp

Filesize
4KB

Download
memory/2588-30-0x0000021E212D0000-0x0000021E212D1000-memory.dmp

Filesize
4KB

Download
memory/2588-31-0x0000021E212D0000-0x0000021E212D1000-memory.dmp

Filesize
4KB

Download
memory/2588-32-0x0000021E212E0000-0x0000021E212E1000-memory.dmp

Filesize
4KB

Download
memory/2588-33-0x0000021E212E0000-0x0000021E212E1000-memory.dmp

Filesize
4KB

Download
memory/3160-2-0x000001DFB22F0000-0x000001DFB2560000-memory.dmp

Filesize
2.4MB

Download
memory/3160-12-0x000001DFB0AE0000-0x000001DFB0AE1000-memory.dmp

Filesize
4KB

Download
memory/3160-13-0x000001DFB22F0000-0x000001DFB2560000-memory.dmp

Filesize
2.4MB

Download