f51e4d9f7907dd07ee264439433e0051c5136712cbbb0cc5a81be3b7023df585

Resubmissions

18-10-2024 19:59

241018-yqwp8axejn 7

18-10-2024 19:55

241018-ynenxsvgjb 1

18-10-2024 19:55

241018-ym477axcqj 7

12-10-2023 23:22

231012-3cqdhaeh6t 10

Analysis

max time kernel
16s
max time network
18s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-10-2024 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Installer.jar
Size

18.4MB
MD5

eaf63a5d5730fcf1c8cc5cf27354e911
SHA1

f22c4b0a9c608ec00b6b84cabe434a240063e642
SHA256

f51e4d9f7907dd07ee264439433e0051c5136712cbbb0cc5a81be3b7023df585
SHA512

2dca09810b38664f23ca89d72f24e632d5c74874b4d9d0174dce86c30126ee1296a281da768b228840f0160ddb331e48591799799cadbf5a02d294e914a09a80
SSDEEP

393216:p6aRouWO9ojV8LJxXlReGOHsxoU+REFJAHYyjFRyHJpy/LAfIiMYX/rQ:PRQ+oqdxVReGksiJL4CFcH2EX/s

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4984	java.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4984	java.exe
4984	java.exe
4984	java.exe
4984	java.exe
4984	java.exe
4984	java.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Installer.jar
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4984

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\68cdb10b-bf49-49e8-978b-451935603caa.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4786986821100.dll

Filesize
21KB

MD5
4ca3290a99adadde557930cd481d7539

SHA1
26034442a76131dd3d37c8f28b6e9bebc7c1fe7c

SHA256
dd130c68dc36bcedbe51a6b8ec3b3358a460d45952f6280e12331f48850b6b3b

SHA512
9341c60f92dd3f89f82555055924bdae6fcce1e4cd13a7dde5129ebdce04bae377292237a2ed6c3e7623b242e82b01c7ed1717af4d7db8ca473e9fd7b7b190d5

Download Submit
memory/4984-2-0x0000022912120000-0x0000022912390000-memory.dmp

Filesize
2.4MB

Download
memory/4984-19-0x00000229108B0000-0x00000229108B1000-memory.dmp

Filesize
4KB

Download
memory/4984-23-0x0000022912390000-0x00000229123A0000-memory.dmp

Filesize
64KB

Download
memory/4984-28-0x00000229123A0000-0x00000229123B0000-memory.dmp

Filesize
64KB

Download
memory/4984-30-0x00000229123B0000-0x00000229123C0000-memory.dmp

Filesize
64KB

Download
memory/4984-32-0x00000229123C0000-0x00000229123D0000-memory.dmp

Filesize
64KB

Download
memory/4984-34-0x00000229123D0000-0x00000229123E0000-memory.dmp

Filesize
64KB

Download
memory/4984-38-0x00000229123E0000-0x00000229123F0000-memory.dmp

Filesize
64KB

Download
memory/4984-39-0x00000229123F0000-0x0000022912400000-memory.dmp

Filesize
64KB

Download
memory/4984-42-0x0000022912400000-0x0000022912410000-memory.dmp

Filesize
64KB

Download
memory/4984-45-0x0000022912410000-0x0000022912420000-memory.dmp

Filesize
64KB

Download
memory/4984-44-0x0000022912120000-0x0000022912390000-memory.dmp

Filesize
2.4MB

Download
memory/4984-48-0x0000022912420000-0x0000022912430000-memory.dmp

Filesize
64KB

Download
memory/4984-50-0x0000022912390000-0x00000229123A0000-memory.dmp

Filesize
64KB

Download
memory/4984-51-0x0000022912430000-0x0000022912440000-memory.dmp

Filesize
64KB

Download
memory/4984-52-0x00000229108B0000-0x00000229108B1000-memory.dmp

Filesize
4KB

Download
memory/4984-55-0x0000022912440000-0x0000022912450000-memory.dmp

Filesize
64KB

Download
memory/4984-54-0x00000229123A0000-0x00000229123B0000-memory.dmp

Filesize
64KB

Download
memory/4984-57-0x00000229123B0000-0x00000229123C0000-memory.dmp

Filesize
64KB

Download
memory/4984-60-0x0000022912450000-0x0000022912460000-memory.dmp

Filesize
64KB

Download
memory/4984-59-0x00000229123C0000-0x00000229123D0000-memory.dmp

Filesize
64KB

Download
memory/4984-62-0x00000229123D0000-0x00000229123E0000-memory.dmp

Filesize
64KB

Download
memory/4984-63-0x0000022912460000-0x0000022912470000-memory.dmp

Filesize
64KB

Download
memory/4984-65-0x00000229123E0000-0x00000229123F0000-memory.dmp

Filesize
64KB

Download
memory/4984-67-0x00000229123F0000-0x0000022912400000-memory.dmp

Filesize
64KB

Download
memory/4984-68-0x0000022912470000-0x0000022912480000-memory.dmp

Filesize
64KB

Download
memory/4984-72-0x00000229108B0000-0x00000229108B1000-memory.dmp

Filesize
4KB

Download
memory/4984-73-0x0000022912400000-0x0000022912410000-memory.dmp

Filesize
64KB

Download
memory/4984-75-0x0000022912480000-0x0000022912490000-memory.dmp

Filesize
64KB

Download
memory/4984-78-0x0000022912410000-0x0000022912420000-memory.dmp

Filesize
64KB

Download
memory/4984-79-0x0000022912490000-0x00000229124A0000-memory.dmp

Filesize
64KB

Download
memory/4984-83-0x0000022912420000-0x0000022912430000-memory.dmp

Filesize
64KB

Download
memory/4984-84-0x00000229124A0000-0x00000229124B0000-memory.dmp

Filesize
64KB

Download
memory/4984-87-0x00000229124B0000-0x00000229124C0000-memory.dmp

Filesize
64KB

Download
memory/4984-86-0x0000022912430000-0x0000022912440000-memory.dmp

Filesize
64KB

Download
memory/4984-91-0x00000229124C0000-0x00000229124D0000-memory.dmp

Filesize
64KB

Download
memory/4984-90-0x0000022912440000-0x0000022912450000-memory.dmp

Filesize
64KB

Download
memory/4984-93-0x00000229124D0000-0x00000229124E0000-memory.dmp

Filesize
64KB

Download
memory/4984-95-0x0000022912450000-0x0000022912460000-memory.dmp

Filesize
64KB

Download
memory/4984-96-0x00000229124E0000-0x00000229124F0000-memory.dmp

Filesize
64KB

Download
memory/4984-100-0x00000229124F0000-0x0000022912500000-memory.dmp

Filesize
64KB

Download
memory/4984-99-0x0000022912460000-0x0000022912470000-memory.dmp

Filesize
64KB

Download
memory/4984-102-0x0000022912500000-0x0000022912510000-memory.dmp

Filesize
64KB

Download
memory/4984-103-0x00000229108B0000-0x00000229108B1000-memory.dmp

Filesize
4KB

Download
memory/4984-110-0x0000022912510000-0x0000022912520000-memory.dmp

Filesize
64KB

Download
memory/4984-115-0x0000022912480000-0x0000022912490000-memory.dmp

Filesize
64KB

Download
memory/4984-116-0x0000022912520000-0x0000022912530000-memory.dmp

Filesize
64KB

Download
memory/4984-108-0x0000022912470000-0x0000022912480000-memory.dmp

Filesize
64KB

Download
memory/4984-117-0x0000022912490000-0x00000229124A0000-memory.dmp

Filesize
64KB

Download
memory/4984-118-0x0000022912530000-0x0000022912540000-memory.dmp

Filesize
64KB

Download
memory/4984-119-0x00000229124A0000-0x00000229124B0000-memory.dmp

Filesize
64KB

Download
memory/4984-120-0x0000022912540000-0x0000022912550000-memory.dmp

Filesize
64KB

Download
memory/4984-123-0x00000229124B0000-0x00000229124C0000-memory.dmp

Filesize
64KB

Download
memory/4984-124-0x0000022912550000-0x0000022912560000-memory.dmp

Filesize
64KB

Download
memory/4984-127-0x00000229124C0000-0x00000229124D0000-memory.dmp

Filesize
64KB

Download
memory/4984-128-0x0000022912560000-0x0000022912570000-memory.dmp

Filesize
64KB

Download
memory/4984-130-0x00000229124D0000-0x00000229124E0000-memory.dmp

Filesize
64KB

Download
memory/4984-131-0x0000022912570000-0x0000022912580000-memory.dmp

Filesize
64KB

Download
memory/4984-135-0x00000229108B0000-0x00000229108B1000-memory.dmp

Filesize
4KB

Download
memory/4984-136-0x0000022912120000-0x0000022912390000-memory.dmp

Filesize
2.4MB

Download
memory/4984-166-0x0000022912570000-0x0000022912580000-memory.dmp

Filesize
64KB

Download
memory/4984-165-0x0000022912560000-0x0000022912570000-memory.dmp

Filesize
64KB

Download
memory/4984-164-0x0000022912550000-0x0000022912560000-memory.dmp

Filesize
64KB

Download
memory/4984-163-0x0000022912540000-0x0000022912550000-memory.dmp

Filesize
64KB

Download
memory/4984-162-0x0000022912530000-0x0000022912540000-memory.dmp

Filesize
64KB

Download
memory/4984-161-0x0000022912520000-0x0000022912530000-memory.dmp

Filesize
64KB

Download
memory/4984-160-0x0000022912510000-0x0000022912520000-memory.dmp

Filesize
64KB

Download
memory/4984-159-0x0000022912500000-0x0000022912510000-memory.dmp

Filesize
64KB

Download
memory/4984-158-0x00000229124F0000-0x0000022912500000-memory.dmp

Filesize
64KB

Download
memory/4984-157-0x00000229124E0000-0x00000229124F0000-memory.dmp

Filesize
64KB

Download
memory/4984-156-0x00000229124D0000-0x00000229124E0000-memory.dmp

Filesize
64KB

Download
memory/4984-155-0x00000229124C0000-0x00000229124D0000-memory.dmp

Filesize
64KB

Download
memory/4984-154-0x00000229124A0000-0x00000229124B0000-memory.dmp

Filesize
64KB

Download
memory/4984-153-0x0000022912490000-0x00000229124A0000-memory.dmp

Filesize
64KB

Download
memory/4984-152-0x0000022912480000-0x0000022912490000-memory.dmp

Filesize
64KB

Download
memory/4984-151-0x0000022912470000-0x0000022912480000-memory.dmp

Filesize
64KB

Download
memory/4984-150-0x0000022912460000-0x0000022912470000-memory.dmp

Filesize
64KB

Download
memory/4984-149-0x0000022912450000-0x0000022912460000-memory.dmp

Filesize
64KB

Download
memory/4984-148-0x0000022912440000-0x0000022912450000-memory.dmp

Filesize
64KB

Download
memory/4984-147-0x0000022912430000-0x0000022912440000-memory.dmp

Filesize
64KB

Download
memory/4984-146-0x0000022912420000-0x0000022912430000-memory.dmp

Filesize
64KB

Download
memory/4984-145-0x0000022912410000-0x0000022912420000-memory.dmp

Filesize
64KB

Download
memory/4984-144-0x0000022912400000-0x0000022912410000-memory.dmp

Filesize
64KB

Download
memory/4984-143-0x00000229123F0000-0x0000022912400000-memory.dmp

Filesize
64KB

Download
memory/4984-142-0x00000229123E0000-0x00000229123F0000-memory.dmp

Filesize
64KB

Download
memory/4984-141-0x00000229123D0000-0x00000229123E0000-memory.dmp

Filesize
64KB

Download
memory/4984-140-0x00000229123C0000-0x00000229123D0000-memory.dmp

Filesize
64KB

Download
memory/4984-139-0x00000229123B0000-0x00000229123C0000-memory.dmp

Filesize
64KB

Download
memory/4984-138-0x00000229123A0000-0x00000229123B0000-memory.dmp

Filesize
64KB

Download
memory/4984-137-0x0000022912390000-0x00000229123A0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads