d1c833e97717ab54b91a8631e0b07d01fc4762049021a241b181115b5eeea5e2

Analysis

max time kernel
137s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1c833e97717ab54b91a8631e0b07d01fc4762049021a241b181115b5eeea5e2.jar
Size

11.7MB
MD5

9f2ee17e5edc8a75fe26f12d01b61ef8
SHA1

ede9502b3ea01e14ba655a2b950d1035aa87d82f
SHA256

d1c833e97717ab54b91a8631e0b07d01fc4762049021a241b181115b5eeea5e2
SHA512

2714c94181d03f20fe2d0637e0e2f27b562c1ed10416dc52e5aa8a37df5c3e4219775be4d869b61006805c4d06be38b8bb0e1c09a29fe061f71d74f6cdb417e2
SSDEEP

196608:B9VAL8N4LMEIsHv8bL3bnL9/bNHn/4jaY3kyu1Ci2wLkpgL7sWgJwzPcCSLm:6DMEXILLLB5LMs1cwoafbgYJSLm

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1727833053422.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4840	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 824	4840	java.exe	83
PID 4840 wrote to memory of 824	4840	java.exe	83
PID 4840 wrote to memory of 1608	4840	java.exe	85
PID 4840 wrote to memory of 1608	4840	java.exe	85
PID 1608 wrote to memory of 2548	1608	cmd.exe	87
PID 1608 wrote to memory of 2548	1608	cmd.exe	87

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
824	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\d1c833e97717ab54b91a8631e0b07d01fc4762049021a241b181115b5eeea5e2.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1727833053422.tmp
  2⤵
  - Views/modifies file attributes
  PID:824
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1727833053422.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1727833053422.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1727833053422.tmp

Filesize
11.7MB

MD5
9f2ee17e5edc8a75fe26f12d01b61ef8

SHA1
ede9502b3ea01e14ba655a2b950d1035aa87d82f

SHA256
d1c833e97717ab54b91a8631e0b07d01fc4762049021a241b181115b5eeea5e2

SHA512
2714c94181d03f20fe2d0637e0e2f27b562c1ed10416dc52e5aa8a37df5c3e4219775be4d869b61006805c4d06be38b8bb0e1c09a29fe061f71d74f6cdb417e2

Download Submit
memory/4840-36-0x0000023898590000-0x0000023898800000-memory.dmp

Filesize
2.4MB

Download
memory/4840-50-0x0000023898880000-0x0000023898890000-memory.dmp

Filesize
64KB

Download
memory/4840-35-0x0000023898570000-0x0000023898571000-memory.dmp

Filesize
4KB

Download
memory/4840-21-0x0000023898830000-0x0000023898840000-memory.dmp

Filesize
64KB

Download
memory/4840-25-0x0000023898850000-0x0000023898860000-memory.dmp

Filesize
64KB

Download
memory/4840-24-0x0000023898840000-0x0000023898850000-memory.dmp

Filesize
64KB

Download
memory/4840-27-0x0000023898860000-0x0000023898870000-memory.dmp

Filesize
64KB

Download
memory/4840-16-0x0000023898800000-0x0000023898810000-memory.dmp

Filesize
64KB

Download
memory/4840-30-0x0000023898570000-0x0000023898571000-memory.dmp

Filesize
4KB

Download
memory/4840-38-0x0000023898800000-0x0000023898810000-memory.dmp

Filesize
64KB

Download
memory/4840-20-0x0000023898820000-0x0000023898830000-memory.dmp

Filesize
64KB

Download
memory/4840-17-0x0000023898810000-0x0000023898820000-memory.dmp

Filesize
64KB

Download
memory/4840-32-0x0000023898870000-0x0000023898880000-memory.dmp

Filesize
64KB

Download
memory/4840-39-0x0000023898810000-0x0000023898820000-memory.dmp

Filesize
64KB

Download
memory/4840-40-0x0000023898820000-0x0000023898830000-memory.dmp

Filesize
64KB

Download
memory/4840-41-0x0000023898830000-0x0000023898840000-memory.dmp

Filesize
64KB

Download
memory/4840-42-0x0000023898840000-0x0000023898850000-memory.dmp

Filesize
64KB

Download
memory/4840-43-0x0000023898850000-0x0000023898860000-memory.dmp

Filesize
64KB

Download
memory/4840-44-0x0000023898860000-0x0000023898870000-memory.dmp

Filesize
64KB

Download
memory/4840-45-0x0000023898870000-0x0000023898880000-memory.dmp

Filesize
64KB

Download
memory/4840-48-0x0000023898880000-0x0000023898890000-memory.dmp

Filesize
64KB

Download
memory/4840-49-0x0000023898570000-0x0000023898571000-memory.dmp

Filesize
4KB

Download
memory/4840-2-0x0000023898590000-0x0000023898800000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads