Analysis Overview
SHA256
547c316e16556fca838a6cc40bfe9b3906e5301a69b0f577946e031564ee59be
Threat Level: Likely benign
The file 7a71f59d2ca32497a08d0cf9f05790d0N.exe was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 06:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:58
Platform
win7-20240708-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1872 wrote to memory of 1880 | N/A | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | C:\Program Files\Java\jre7\bin\javaw.exe |
| PID 1872 wrote to memory of 1880 | N/A | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | C:\Program Files\Java\jre7\bin\javaw.exe |
| PID 1872 wrote to memory of 1880 | N/A | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | C:\Program Files\Java\jre7\bin\javaw.exe |
| PID 1872 wrote to memory of 1880 | N/A | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | C:\Program Files\Java\jre7\bin\javaw.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe
"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"
C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"
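The process tree above shows the PE re-launching itself through javaw.exe with -jar. java -jar does not care what precedes the archive: it locates the ZIP end-of-central-directory record at the tail of the file, so a launcher EXE with a JAR appended after the PE image runs as that JAR. That also explains the WriteProcessMemory rows: the only target is the javaw.exe child the sample itself spawned (PID 1872 to PID 1880), which is what process creation looks like, not injection into an existing process. The following is an added Python example, not part of the report or of any tool it names; it locates an appended archive in a file, walks the central directory and reads Main-Class from the manifest. The sample input is constructed (a stub MZ/PE prefix plus a JAR built with zipfile) and the entry names are assumptions, not the contents of the file in this report.

```python
"""Added example: does a PE launcher carry an appended JAR?

The JVM only needs a valid ZIP end-of-central-directory (EOCD) record
near the end of the file, so "javaw.exe -jar launcher.exe" works when a
JAR follows the PE image. This script finds the EOCD, parses the central
directory by hand (to show where the offsets come from) and then uses
zipfile, which handles prepended data the same way, to read the manifest.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CEN_SIG = b"PK\x01\x02"    # central directory file header


def find_eocd(data: bytes) -> int:
    """Offset of the EOCD record, or -1. The record is 22 bytes plus an
    optional comment of at most 65535 bytes, so only the tail is searched."""
    tail_start = max(0, len(data) - 65535 - 22)
    return data.rfind(EOCD_SIG, tail_start)


def embedded_jar_entries(data: bytes) -> list:
    """Entry names of a ZIP appended to arbitrary leading data ([] if none).

    Central-directory offsets are relative to the start of the ZIP, which for
    an appended archive is (eocd - cd_size - cd_offset), not offset 0."""
    eocd = find_eocd(data)
    if eocd < 0:
        return []
    (_disk, _cd_disk, _n_disk, n_total, cd_size, cd_offset,
     _comment_len) = struct.unpack("<HHHHIIH", data[eocd + 4:eocd + 22])
    zip_base = eocd - cd_size - cd_offset
    if zip_base < 0:
        return []
    names = []
    pos = zip_base + cd_offset
    for _ in range(n_total):
        if data[pos:pos + 4] != CEN_SIG:
            return []                      # inconsistent directory: not a ZIP
        name_len, extra_len, comment_len = struct.unpack("<HHH", data[pos + 28:pos + 34])
        names.append(data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"))
        pos += 46 + name_len + extra_len + comment_len
    return names


def main_class(data: bytes) -> str:
    """Main-Class from META-INF/MANIFEST.MF, or "" when absent."""
    if find_eocd(data) < 0:
        return ""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:   # zipfile tolerates the PE prefix
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return ""
    for line in manifest.splitlines():
        if line.startswith("Main-Class:"):
            return line.split(":", 1)[1].strip()
    return ""


def build_sample() -> bytes:
    """Constructed input: a stub that starts like a PE, followed by a real
    JAR. It is NOT the file from the report; names are made up."""
    stub = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 1024
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: launcher.Main\r\n\r\n")
        zf.writestr("launcher/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    return stub + buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print("entries:", embedded_jar_entries(sample))
    print("Main-Class:", main_class(sample))
```

Running this against the real sample (open the .exe in binary mode and pass the bytes) tells you what to reverse next: the Java code behind Main-Class, rather than the native launcher stub, is where any logic behind the bhop.in connection would live.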
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bhop.in | udp |
| RU | 88.212.247.68:443 | bhop.in | tcp |
Files
memory/1872-0-0x0000000000400000-0x000000000041A000-memory.dmp
memory/1880-3-0x0000000002490000-0x0000000002700000-memory.dmp
memory/1880-15-0x0000000001CC0000-0x0000000001CCA000-memory.dmp
memory/1880-14-0x0000000001CC0000-0x0000000001CCA000-memory.dmp
memory/1880-20-0x0000000000140000-0x0000000000141000-memory.dmp
memory/1880-26-0x0000000002490000-0x0000000002700000-memory.dmp
memory/1880-27-0x0000000001CC0000-0x0000000001CCA000-memory.dmp
memory/1880-28-0x0000000001CC0000-0x0000000001CCA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:58
Platform
win10v2004-20240802-en
Max time kernel
102s
Max time network
103s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4976 wrote to memory of 1808 | N/A | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | C:\Program Files\Java\jre-1.8\bin\javaw.exe |
| PID 4976 wrote to memory of 1808 | N/A | C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe | C:\Program Files\Java\jre-1.8\bin\javaw.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe
"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bhop.in | udp |
| RU | 88.212.247.68:443 | bhop.in | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.247.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
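The two network tables differ mostly in Windows 10 image noise: the reverse (in-addr.arpa) lookups and the bing.com/bing.net traffic appear only in the win10v2004 run, while the DNS query for bhop.in and the TLS connection to 88.212.247.68:443 (RU) recur on both images and are the contacts worth pivoting on. The following is an added Python example, not report tooling: it parses the two tables exactly as printed in this report, drops the sandbox resolver and platform-noise rows under filters that are this example's assumptions about the images, and returns the destinations common to both runs.

```python
"""Added example: cross-run network triage over the report's tables.

A destination that recurs across different OS images is far more likely
to be sample-driven than one that shows up only on the image that also
talks to Bing. The noise filters below (resolver address, PTR lookups,
Microsoft telemetry hosts) are assumptions about the sandbox images,
not facts the report states; tune them to a clean baseline detonation.
"""
from typing import Dict, List, Set, Tuple

# Rows copied from the report's behavioral1 and behavioral2 Network tables.
BEHAVIORAL1 = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bhop.in | udp |
| RU | 88.212.247.68:443 | bhop.in | tcp |
"""

BEHAVIORAL2 = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bhop.in | udp |
| RU | 88.212.247.68:443 | bhop.in | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.247.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
"""

Row = Tuple[str, str, str, str]          # (country, destination, domain, proto)
Endpoint = Tuple[str, str]               # (destination, proto)

RESOLVER = "8.8.8.8:53"                          # assumption: sandbox DNS forwarder
NOISE_SUFFIXES = (".in-addr.arpa", ".bing.com", ".bing.net")  # assumption: image noise


def parse_rows(table: str) -> List[Row]:
    """Turn the pipe-delimited table into tuples, skipping the header."""
    rows: List[Row] = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Country":
            rows.append((cells[0], cells[1], cells[2], cells[3]))
    return rows


def is_platform_noise(domain: str) -> bool:
    return domain.endswith(NOISE_SUFFIXES)


def sample_contacts(table: str) -> Dict[str, Set[Endpoint]]:
    """Map each non-noise domain to the endpoints actually connected to.
    A query to the resolver records the domain but contributes no endpoint."""
    contacts: Dict[str, Set[Endpoint]] = {}
    for _country, dest, domain, proto in parse_rows(table):
        if is_platform_noise(domain):
            continue
        endpoints = contacts.setdefault(domain, set())
        if dest != RESOLVER:
            endpoints.add((dest, proto))
    return contacts


def cross_run_contacts(*tables: str) -> Dict[str, Set[Endpoint]]:
    """Domains contacted in every run, with the endpoints common to all runs."""
    if not tables:
        return {}
    per_run = [sample_contacts(t) for t in tables]
    common = set.intersection(*(set(c) for c in per_run))
    return {d: set.intersection(*(c[d] for c in per_run)) for d in sorted(common)}


if __name__ == "__main__":
    for domain, endpoints in cross_run_contacts(BEHAVIORAL1, BEHAVIORAL2).items():
        print(domain, sorted(endpoints))
```

Swap the suffix list for whatever the chosen image generates on its own; detonating a known-benign file on the same image and checking that its intersection comes out empty is a quick way to confirm the filter is not hiding sample traffic.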
Files
memory/4976-0-0x0000000000400000-0x000000000041A000-memory.dmp
memory/1808-3-0x000001CF5FAE0000-0x000001CF5FD50000-memory.dmp
memory/1808-20-0x000001CF5E2F0000-0x000001CF5E2F1000-memory.dmp
memory/1808-22-0x000001CF5FD50000-0x000001CF5FD60000-memory.dmp
memory/1808-24-0x000001CF5FD60000-0x000001CF5FD70000-memory.dmp
memory/1808-26-0x000001CF5FD70000-0x000001CF5FD80000-memory.dmp
memory/1808-29-0x000001CF5FD80000-0x000001CF5FD90000-memory.dmp
memory/1808-30-0x000001CF5FD90000-0x000001CF5FDA0000-memory.dmp
memory/1808-33-0x000001CF5FDA0000-0x000001CF5FDB0000-memory.dmp
memory/1808-34-0x000001CF5FDB0000-0x000001CF5FDC0000-memory.dmp
memory/1808-37-0x000001CF5FDC0000-0x000001CF5FDD0000-memory.dmp
memory/1808-39-0x000001CF5FDD0000-0x000001CF5FDE0000-memory.dmp
memory/1808-38-0x000001CF5FAE0000-0x000001CF5FD50000-memory.dmp
memory/1808-44-0x000001CF5FD50000-0x000001CF5FD60000-memory.dmp
memory/1808-43-0x000001CF5FDF0000-0x000001CF5FE00000-memory.dmp
memory/1808-42-0x000001CF5FDE0000-0x000001CF5FDF0000-memory.dmp
memory/1808-47-0x000001CF5FE00000-0x000001CF5FE10000-memory.dmp
memory/1808-46-0x000001CF5FD60000-0x000001CF5FD70000-memory.dmp
memory/1808-50-0x000001CF5FD70000-0x000001CF5FD80000-memory.dmp
memory/1808-51-0x000001CF5FE10000-0x000001CF5FE20000-memory.dmp
memory/1808-55-0x000001CF5FE20000-0x000001CF5FE30000-memory.dmp
memory/1808-54-0x000001CF5FD90000-0x000001CF5FDA0000-memory.dmp
memory/1808-53-0x000001CF5FD80000-0x000001CF5FD90000-memory.dmp
memory/1808-60-0x000001CF5FDB0000-0x000001CF5FDC0000-memory.dmp
memory/1808-59-0x000001CF5FDA0000-0x000001CF5FDB0000-memory.dmp
memory/1808-58-0x000001CF5FE40000-0x000001CF5FE50000-memory.dmp
memory/1808-62-0x000001CF5FE50000-0x000001CF5FE60000-memory.dmp
memory/1808-57-0x000001CF5FE30000-0x000001CF5FE40000-memory.dmp
memory/1808-66-0x000001CF5FE60000-0x000001CF5FE70000-memory.dmp
memory/1808-65-0x000001CF5FDC0000-0x000001CF5FDD0000-memory.dmp
memory/1808-70-0x000001CF5FDD0000-0x000001CF5FDE0000-memory.dmp
memory/1808-71-0x000001CF5FE70000-0x000001CF5FE80000-memory.dmp
memory/1808-77-0x000001CF5FE80000-0x000001CF5FE90000-memory.dmp
memory/1808-76-0x000001CF5FDF0000-0x000001CF5FE00000-memory.dmp
memory/1808-75-0x000001CF5FDE0000-0x000001CF5FDF0000-memory.dmp
memory/1808-80-0x000001CF5FE90000-0x000001CF5FEA0000-memory.dmp
memory/1808-81-0x000001CF5FE00000-0x000001CF5FE10000-memory.dmp
memory/1808-82-0x000001CF5FEA0000-0x000001CF5FEB0000-memory.dmp
memory/1808-85-0x000001CF5FE10000-0x000001CF5FE20000-memory.dmp
memory/1808-88-0x000001CF5FE20000-0x000001CF5FE30000-memory.dmp
memory/1808-87-0x000001CF5FEC0000-0x000001CF5FED0000-memory.dmp
memory/1808-86-0x000001CF5FEB0000-0x000001CF5FEC0000-memory.dmp
memory/1808-91-0x000001CF5FE30000-0x000001CF5FE40000-memory.dmp
memory/1808-93-0x000001CF5FED0000-0x000001CF5FEE0000-memory.dmp
memory/1808-92-0x000001CF5FE40000-0x000001CF5FE50000-memory.dmp
memory/1808-94-0x000001CF5FEE0000-0x000001CF5FEF0000-memory.dmp
memory/1808-97-0x000001CF5E2F0000-0x000001CF5E2F1000-memory.dmp
memory/1808-99-0x000001CF5FEF0000-0x000001CF5FF00000-memory.dmp
memory/1808-98-0x000001CF5FE50000-0x000001CF5FE60000-memory.dmp
memory/1808-102-0x000001CF5FE60000-0x000001CF5FE70000-memory.dmp
memory/1808-104-0x000001CF5FE70000-0x000001CF5FE80000-memory.dmp
memory/1808-105-0x000001CF5FE80000-0x000001CF5FE90000-memory.dmp
memory/1808-106-0x000001CF5FE90000-0x000001CF5FEA0000-memory.dmp
memory/1808-107-0x000001CF5FEA0000-0x000001CF5FEB0000-memory.dmp
memory/1808-108-0x000001CF5FEB0000-0x000001CF5FEC0000-memory.dmp
memory/1808-109-0x000001CF5FEC0000-0x000001CF5FED0000-memory.dmp
memory/1808-110-0x000001CF5FED0000-0x000001CF5FEE0000-memory.dmp
memory/1808-111-0x000001CF5FEE0000-0x000001CF5FEF0000-memory.dmp
memory/1808-112-0x000001CF5FEF0000-0x000001CF5FF00000-memory.dmp
memory/1808-114-0x000001CF5FF00000-0x000001CF5FF10000-memory.dmp
memory/1808-115-0x000001CF5FF00000-0x000001CF5FF10000-memory.dmp