a78367207efa009e8b0287d75dbb1b83cf98eaf3ec7c241dc21ddd34b5545015

Analysis

max time kernel
18s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Drk's ByfronFucker.exe
Size

7.5MB
MD5

0f821f7d9691de0b4710df98a967602f
SHA1

d31fd82016e42e01e72cf0d7ba72ff241ba85a57
SHA256

a78367207efa009e8b0287d75dbb1b83cf98eaf3ec7c241dc21ddd34b5545015
SHA512

68c577d2bc9d61c36825aa810105d723b48853d23fa4c5345010ac698ce76d9773a573dcc735dc6d7e69122e5c81ed6806d4cd220f0d06af4c64277e3a75b1d8
SSDEEP

196608:gadwYejzUwMvcOyk8q6X1+e1Y2n+TblT6vdKFc+yr0:gqy0woykyo2nedudKFHg0

Score

7^/10

discovery persistence

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1072	javaw.exe
1072	javaw.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1728574256616.tmp"	reg.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Drk's ByfronFucker.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1876	java.exe
1072	javaw.exe
1876	java.exe
1876	java.exe
1876	java.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 1072	4416	Drk's ByfronFucker.exe	83
PID 4416 wrote to memory of 1072	4416	Drk's ByfronFucker.exe	83
PID 1072 wrote to memory of 1876	1072	javaw.exe	87
PID 1072 wrote to memory of 1876	1072	javaw.exe	87
PID 1876 wrote to memory of 2168	1876	java.exe	90
PID 1876 wrote to memory of 2168	1876	java.exe	90
PID 1876 wrote to memory of 2724	1876	java.exe	92
PID 1876 wrote to memory of 2724	1876	java.exe	92
PID 2724 wrote to memory of 3120	2724	cmd.exe	94
PID 2724 wrote to memory of 3120	2724	cmd.exe	94

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2168	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Drk's ByfronFucker.exe
"C:\Users\Admin\AppData\Local\Temp\Drk's ByfronFucker.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Drk's ByfronFucker.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\NQvyRtQki2492290214446157442.tmp
    3⤵
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1876
  - - C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1728574256616.tmp
      4⤵
      Views/modifies file attributes
      PID:2168
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1728574256616.tmp" /f"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Windows\system32\reg.exe
        
        REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1728574256616.tmp" /f
        5⤵
        Adds Run key to start application
        
        PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6428f5be0ebdafd804f6bd192e96cd65

SHA1
686b76ed43c9bd3f0356add9e5689c95f340f84c

SHA256
5d8341a5e0a9d17ad9e32b96fd973930005330a7f2156366838711aff0bafda0

SHA512
16d485c6381d1b3738def7ef881481b9bbfab9f319722faa5a4e3acbfd87137a260dd9365f0853b42c74c50a9d459795df22901feac0dccda791bf0340a78f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\NQvyRtQki2492290214446157442.tmp

Filesize
710KB

MD5
bc9263297a02b664fe5795024e263c63

SHA1
c5e76f7b0ab987612513914ee43b66e215a896f2

SHA256
3e7d4c4b8eb1f2329feef957ffe55273b2e8d39ca06e44e2bda9fb18db8b8bf8

SHA512
1c3f8bd56b63325f1c67f83e8aa873479f8e7d3da27a2d7314f77d666d72967f1eef00130007eb5e61e015d47371cfa19e99db01a7c2b9fb1c83129cfeead17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1053656329221177833.tmp

Filesize
69KB

MD5
bb4f657a48364b32193e071e62ed8260

SHA1
f8fbe5bac1358147396db641873ef04865635b0f

SHA256
fa5885d2d6b6a79b12edcb11e0a4812ef6c374bda704c3db3a4a29b97c4417f2

SHA512
b47328a0d85f2a44853a9c521fe9b16a6d80b420290e3320bda88e01b9d1ce4ae322c26ba4c507b00aaa3abdb6c1358c3ea412c7c9369b4eae4fea1397d3fb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6779709135996363841.tmp

Filesize
69KB

MD5
13053c23f57d19a9a1b969b398fd2d6b

SHA1
f16bb4d479081e082b90e08a4414905838ee7994

SHA256
d3af4916973b795c65b9568a58fd3a6e34e89d73195f320a95804270b26c6c6c

SHA512
967bb6af5dc61b51ded059ec6505bbfd69f6dbe026a6ab1c75bc2f1de390300edfde44097694012a1bedc7bbf02076852cd87905a780425b28cab9f165125b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio8290099022043324025.tmp

Filesize
25KB

MD5
18d5848fadb34ac7e931ee5b70e5a29c

SHA1
071eb641359bde6d4e5306f85af03373b1d685ef

SHA256
48def87b1528bb422ee4c59f541058c7ba115dc358c6b9e20fa94163e7840046

SHA512
24d1e32d9ccb0c08cbc55c2a1628f791e2a2477896d37f7af340ea9dc44159bc0ac5768a0a2ba92a81a475c3a4803be6fc96a795a3bf34eecc79c6736bcd499d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjglAdmin\3.3.1-SNAPSHOT\glfw.dll

Filesize
357KB

MD5
dad976fafd111ceedc7a473932e9da8f

SHA1
3c0e8e7fcbc854a87219fbbfd181c2cc76018144

SHA256
f61949c469c54a5f4e5a8e1668255b919ee1237f1e568acf4127dda0abcdc9a8

SHA512
64801d4d34f130b5ee33d2df3a266e2aed981265d13c6552ab73418471398c49cab9a617647b64298c1de432d078f1a7b830d4330980e7ef10dd15a1d18bda11

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjglAdmin\3.3.1-SNAPSHOT\lwjgl.dll

Filesize
446KB

MD5
78b8212a157e985fa9d9ee9eaab033bd

SHA1
0c9b501520c20055ba77bbd8cae4895fcb1cfa40

SHA256
1cbc8a197aea7eee710735a57a8cae6c0953ad1fe2cb6e17c2e5afebeb93b5ec

SHA512
180dd20b04643d42195a30c28d455c923f395977f7dcb66b1ace85e99c1e3c00906542221092bf6d5465a5fc451d7523df862ab2bc050da3a136a6f635706d80

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4050598569-1597076380-177084960-1000\83aa4cc77f591dfc2374580bbd95f6ba_cca0d105-8260-4611-8c12-bd85a7208b9f

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
memory/1072-105-0x0000019480300000-0x0000019480310000-memory.dmp

Filesize
64KB

Download
memory/1072-93-0x00000194802C0000-0x00000194802D0000-memory.dmp

Filesize
64KB

Download
memory/1072-46-0x00000194802F0000-0x0000019480300000-memory.dmp

Filesize
64KB

Download
memory/1072-57-0x0000019480330000-0x0000019480340000-memory.dmp

Filesize
64KB

Download
memory/1072-3-0x0000019480000000-0x0000019480270000-memory.dmp

Filesize
2.4MB

Download
memory/1072-56-0x0000019480310000-0x0000019480320000-memory.dmp

Filesize
64KB

Download
memory/1072-63-0x0000019480280000-0x0000019480290000-memory.dmp

Filesize
64KB

Download
memory/1072-62-0x0000019480350000-0x0000019480360000-memory.dmp

Filesize
64KB

Download
memory/1072-61-0x0000019480340000-0x0000019480350000-memory.dmp

Filesize
64KB

Download
memory/1072-60-0x0000019480270000-0x0000019480280000-memory.dmp

Filesize
64KB

Download
memory/1072-55-0x0000019480320000-0x0000019480330000-memory.dmp

Filesize
64KB

Download
memory/1072-54-0x0000019480300000-0x0000019480310000-memory.dmp

Filesize
64KB

Download
memory/1072-51-0x0000019480000000-0x0000019480270000-memory.dmp

Filesize
2.4MB

Download
memory/1072-50-0x00000194FDFA0000-0x00000194FDFA1000-memory.dmp

Filesize
4KB

Download
memory/1072-42-0x00000194802C0000-0x00000194802D0000-memory.dmp

Filesize
64KB

Download
memory/1072-69-0x00000194802A0000-0x00000194802B0000-memory.dmp

Filesize
64KB

Download
memory/1072-70-0x0000019480360000-0x0000019480370000-memory.dmp

Filesize
64KB

Download
memory/1072-68-0x0000019480290000-0x00000194802A0000-memory.dmp

Filesize
64KB

Download
memory/1072-72-0x0000019480370000-0x0000019480380000-memory.dmp

Filesize
64KB

Download
memory/1072-45-0x00000194802D0000-0x00000194802E0000-memory.dmp

Filesize
64KB

Download
memory/1072-27-0x0000019480280000-0x0000019480290000-memory.dmp

Filesize
64KB

Download
memory/1072-90-0x00000194802B0000-0x00000194802C0000-memory.dmp

Filesize
64KB

Download
memory/1072-94-0x00000194802E0000-0x00000194802F0000-memory.dmp

Filesize
64KB

Download
memory/1072-34-0x0000019480290000-0x00000194802A0000-memory.dmp

Filesize
64KB

Download
memory/1072-92-0x0000019480390000-0x00000194803A0000-memory.dmp

Filesize
64KB

Download
memory/1072-91-0x0000019480380000-0x0000019480390000-memory.dmp

Filesize
64KB

Download
memory/1072-96-0x00000194FDFA0000-0x00000194FDFA1000-memory.dmp

Filesize
4KB

Download
memory/1072-112-0x0000019480380000-0x0000019480390000-memory.dmp

Filesize
64KB

Download
memory/1072-111-0x0000019480370000-0x0000019480380000-memory.dmp

Filesize
64KB

Download
memory/1072-110-0x0000019480360000-0x0000019480370000-memory.dmp

Filesize
64KB

Download
memory/1072-109-0x0000019480350000-0x0000019480360000-memory.dmp

Filesize
64KB

Download
memory/1072-108-0x0000019480340000-0x0000019480350000-memory.dmp

Filesize
64KB

Download
memory/1072-107-0x0000019480000000-0x0000019480270000-memory.dmp

Filesize
2.4MB

Download
memory/1072-106-0x0000019480320000-0x0000019480330000-memory.dmp

Filesize
64KB

Download
memory/1072-38-0x00000194802B0000-0x00000194802C0000-memory.dmp

Filesize
64KB

Download
memory/1072-104-0x00000194802F0000-0x0000019480300000-memory.dmp

Filesize
64KB

Download
memory/1072-23-0x0000019480270000-0x0000019480280000-memory.dmp

Filesize
64KB

Download
memory/1072-43-0x00000194802E0000-0x00000194802F0000-memory.dmp

Filesize
64KB

Download
memory/1072-103-0x0000019480330000-0x0000019480340000-memory.dmp

Filesize
64KB

Download
memory/1072-102-0x00000194802A0000-0x00000194802B0000-memory.dmp

Filesize
64KB

Download
memory/1072-101-0x0000019480290000-0x00000194802A0000-memory.dmp

Filesize
64KB

Download
memory/1072-100-0x0000019480280000-0x0000019480290000-memory.dmp

Filesize
64KB

Download
memory/1072-99-0x0000019480270000-0x0000019480280000-memory.dmp

Filesize
64KB

Download
memory/1072-98-0x00000194802D0000-0x00000194802E0000-memory.dmp

Filesize
64KB

Download
memory/1072-97-0x0000019480310000-0x0000019480320000-memory.dmp

Filesize
64KB

Download
memory/1072-35-0x00000194802A0000-0x00000194802B0000-memory.dmp

Filesize
64KB

Download
memory/1876-267-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-125-0x0000016DC6220000-0x0000016DC6230000-memory.dmp

Filesize
64KB

Download
memory/1876-53-0x0000016DC5F60000-0x0000016DC61D0000-memory.dmp

Filesize
2.4MB

Download
memory/1876-121-0x0000016DC61F0000-0x0000016DC6200000-memory.dmp

Filesize
64KB

Download
memory/1876-120-0x0000016DC61E0000-0x0000016DC61F0000-memory.dmp

Filesize
64KB

Download
memory/1876-122-0x0000016DC6200000-0x0000016DC6210000-memory.dmp

Filesize
64KB

Download
memory/1876-157-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-163-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-170-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-177-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-115-0x0000016DC61D0000-0x0000016DC61E0000-memory.dmp

Filesize
64KB

Download
memory/1876-182-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-185-0x0000016DC61D0000-0x0000016DC61E0000-memory.dmp

Filesize
64KB

Download
memory/1876-188-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-190-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-193-0x0000016DC6200000-0x0000016DC6210000-memory.dmp

Filesize
64KB

Download
memory/1876-192-0x0000016DC61F0000-0x0000016DC6200000-memory.dmp

Filesize
64KB

Download
memory/1876-191-0x0000016DC61E0000-0x0000016DC61F0000-memory.dmp

Filesize
64KB

Download
memory/1876-197-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-198-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-202-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-124-0x0000016DC6210000-0x0000016DC6220000-memory.dmp

Filesize
64KB

Download
memory/1876-218-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-250-0x0000016DC6210000-0x0000016DC6220000-memory.dmp

Filesize
64KB

Download
memory/1876-251-0x0000016DC6220000-0x0000016DC6230000-memory.dmp

Filesize
64KB

Download
memory/1876-19-0x0000016DC5F60000-0x0000016DC61D0000-memory.dmp

Filesize
2.4MB

Download
memory/1876-113-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-309-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/1876-359-0x0000016DC5F40000-0x0000016DC5F41000-memory.dmp

Filesize
4KB

Download
memory/4416-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads