f8b5f8491d1b59cc6d9cead4dd92f62085852aec00eec234c959cb031c7317d0

Analysis

max time kernel
103s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netter client.jar
Size

639KB
MD5

ac7aa68224aca52f547893fb48e7d1f7
SHA1

56b1cbb4a12bef2b25d61a0ee102e7ba09c5faaf
SHA256

f8b5f8491d1b59cc6d9cead4dd92f62085852aec00eec234c959cb031c7317d0
SHA512

0b8149560e8bef895fc10cc9644370c5b4b89272c9ba11af39325b68cd059661d21171f10929c0fa319e3f716e442e81ca3dbdde096cbbc343eb65de9f6a3012
SSDEEP

12288:5nxuQA/s2oDSf4jG8+p3go/NR7+B0uNKVhgA5uRCD3+uU2t0ST7DwL:5nwQMkDm4q/3go3exKVeC3+uJtHT7DwL

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1729419525319.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3992	java.exe
3992	java.exe
3992	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1468	3992	java.exe	89
PID 3992 wrote to memory of 1468	3992	java.exe	89
PID 1468 wrote to memory of 2676	1468	cmd.exe	91
PID 1468 wrote to memory of 2676	1468	cmd.exe	91
PID 3992 wrote to memory of 4400	3992	java.exe	102
PID 3992 wrote to memory of 4400	3992	java.exe	102

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Netter client.jar"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729419525319.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729419525319.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:2676
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Home
  2⤵
  PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio398516051483252469.tmp

Filesize
27KB

MD5
61caf13b8da5f35bc3af6e613a729a5c

SHA1
ebcb05173f540b0f0419b4b3c394a8e894b66242

SHA256
f0805da18005d8d1692c0cf9480188af2394ed3467c676bd9ec45f93b6828f2f

SHA512
613da95d2237c318652d9d0af6b07a89aab95c70379b04c7546669c787f492d6123c8e4e5bf42cff7adc722adfa8896e1a9f4ef42b7e279d446956d713e200ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio4300680570773928128.tmp

Filesize
27KB

MD5
4cf140c119d9e6fa600e3220c4269b1e

SHA1
460c191e84fb0a4afadfdb79c519f49eb31f31c0

SHA256
9fbda1ee81c4408b003ebdf5edaead0dd59c3170bb442034f60d3baa663b4f43

SHA512
304e63aa99bfd408a904d886a7a2ffb53f7323e35cd172c734ef8845027022ff90dc4fbb1bb38f35a6a1464cf30deae2492df1715a1f5d510e6dd54e9cf69a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio620070247758311298.tmp

Filesize
27KB

MD5
4e8ea84001d3d4bdf705214099d6630e

SHA1
8e865393a767ccb3fee736091399221a8cb3e6a5

SHA256
1b99f903b4352b5b69e3d0978f2b8bb66eb590420fe50d5b9282bfaa0f186b8e

SHA512
ec18223bb30a158693f8bd8b583ca92ab0862f127cd7d1c69396d76b93a82d64d6c32e0031729d3d6776797d4f218b10ad6fec94ca70ef06360857507691eb24

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio7854838565523403685.tmp

Filesize
3KB

MD5
22c3bc2c01f8b0ddf026c14666f721af

SHA1
7ddd20b43690b186e5b7acecb342f9f571e34779

SHA256
85a4b95191d229e7978ad78165d021d00fbdb95f13284f883ed897310f7bf558

SHA512
62291f7194d15e22e220222672f2701b9c949677c36b36ef49fb1b3ef0a1762f21f0415625242c0c1d1761f10b98948dae595aeb9c32e33e5956d7cec9e86458

Download Submit
memory/3992-2-0x000001F242D90000-0x000001F243000000-memory.dmp

Filesize
2.4MB

Download
memory/3992-17-0x000001F243010000-0x000001F243020000-memory.dmp

Filesize
64KB

Download
memory/3992-16-0x000001F243000000-0x000001F243010000-memory.dmp

Filesize
64KB

Download
memory/3992-19-0x000001F243020000-0x000001F243030000-memory.dmp

Filesize
64KB

Download
memory/3992-21-0x000001F243030000-0x000001F243040000-memory.dmp

Filesize
64KB

Download
memory/3992-23-0x000001F243040000-0x000001F243050000-memory.dmp

Filesize
64KB

Download
memory/3992-25-0x000001F243050000-0x000001F243060000-memory.dmp

Filesize
64KB

Download
memory/3992-27-0x000001F243060000-0x000001F243070000-memory.dmp

Filesize
64KB

Download
memory/3992-30-0x000001F243070000-0x000001F243080000-memory.dmp

Filesize
64KB

Download
memory/3992-34-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-37-0x000001F243080000-0x000001F243090000-memory.dmp

Filesize
64KB

Download
memory/3992-38-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-39-0x000001F242D90000-0x000001F243000000-memory.dmp

Filesize
2.4MB

Download
memory/3992-40-0x000001F243000000-0x000001F243010000-memory.dmp

Filesize
64KB

Download
memory/3992-41-0x000001F243010000-0x000001F243020000-memory.dmp

Filesize
64KB

Download
memory/3992-43-0x000001F243020000-0x000001F243030000-memory.dmp

Filesize
64KB

Download
memory/3992-44-0x000001F243030000-0x000001F243040000-memory.dmp

Filesize
64KB

Download
memory/3992-45-0x000001F243040000-0x000001F243050000-memory.dmp

Filesize
64KB

Download
memory/3992-46-0x000001F243050000-0x000001F243060000-memory.dmp

Filesize
64KB

Download
memory/3992-47-0x000001F243060000-0x000001F243070000-memory.dmp

Filesize
64KB

Download
memory/3992-48-0x000001F243070000-0x000001F243080000-memory.dmp

Filesize
64KB

Download
memory/3992-49-0x000001F243080000-0x000001F243090000-memory.dmp

Filesize
64KB

Download
memory/3992-51-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-53-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-55-0x000001F243090000-0x000001F2430A0000-memory.dmp

Filesize
64KB

Download
memory/3992-56-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-60-0x000001F2430A0000-0x000001F2430B0000-memory.dmp

Filesize
64KB

Download
memory/3992-63-0x000001F2430B0000-0x000001F2430C0000-memory.dmp

Filesize
64KB

Download
memory/3992-64-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-67-0x000001F2430C0000-0x000001F2430D0000-memory.dmp

Filesize
64KB

Download
memory/3992-73-0x000001F2430E0000-0x000001F2430F0000-memory.dmp

Filesize
64KB

Download
memory/3992-72-0x000001F2430D0000-0x000001F2430E0000-memory.dmp

Filesize
64KB

Download
memory/3992-89-0x000001F2430F0000-0x000001F243100000-memory.dmp

Filesize
64KB

Download
memory/3992-79-0x000001F2415B0000-0x000001F2415B1000-memory.dmp

Filesize
4KB

Download
memory/3992-92-0x000001F243100000-0x000001F243110000-memory.dmp

Filesize
64KB

Download
memory/3992-98-0x000001F243110000-0x000001F243120000-memory.dmp

Filesize
64KB

Download
memory/3992-109-0x000001F243120000-0x000001F243130000-memory.dmp

Filesize
64KB

Download
memory/3992-108-0x000001F243090000-0x000001F2430A0000-memory.dmp

Filesize
64KB

Download
memory/3992-128-0x000001F243130000-0x000001F243140000-memory.dmp

Filesize
64KB

Download
memory/3992-162-0x000001F2430B0000-0x000001F2430C0000-memory.dmp

Filesize
64KB

Download
memory/3992-161-0x000001F243160000-0x000001F243170000-memory.dmp

Filesize
64KB

Download
memory/3992-160-0x000001F243150000-0x000001F243160000-memory.dmp

Filesize
64KB

Download
memory/3992-159-0x000001F243140000-0x000001F243150000-memory.dmp

Filesize
64KB

Download
memory/3992-158-0x000001F2430A0000-0x000001F2430B0000-memory.dmp

Filesize
64KB

Download
memory/3992-191-0x000001F2430C0000-0x000001F2430D0000-memory.dmp

Filesize
64KB

Download
memory/3992-201-0x000001F243170000-0x000001F243180000-memory.dmp

Filesize
64KB

Download
memory/3992-200-0x000001F2430E0000-0x000001F2430F0000-memory.dmp

Filesize
64KB

Download
memory/3992-199-0x000001F2430D0000-0x000001F2430E0000-memory.dmp

Filesize
64KB

Download
memory/3992-221-0x000001F243180000-0x000001F243190000-memory.dmp

Filesize
64KB

Download
memory/3992-248-0x000001F243190000-0x000001F2431A0000-memory.dmp

Filesize
64KB

Download
memory/3992-247-0x000001F2430F0000-0x000001F243100000-memory.dmp

Filesize
64KB

Download
memory/3992-279-0x000001F243100000-0x000001F243110000-memory.dmp

Filesize
64KB

Download
memory/3992-280-0x000001F2431A0000-0x000001F2431B0000-memory.dmp

Filesize
64KB

Download
memory/3992-288-0x000001F2431B0000-0x000001F2431C0000-memory.dmp

Filesize
64KB

Download
memory/3992-287-0x000001F243110000-0x000001F243120000-memory.dmp

Filesize
64KB

Download
memory/3992-313-0x000001F2431C0000-0x000001F2431D0000-memory.dmp

Filesize
64KB

Download
memory/3992-312-0x000001F243120000-0x000001F243130000-memory.dmp

Filesize
64KB

Download
memory/3992-338-0x000001F2431D0000-0x000001F2431E0000-memory.dmp

Filesize
64KB

Download
memory/3992-337-0x000001F243130000-0x000001F243140000-memory.dmp

Filesize
64KB

Download
memory/3992-376-0x000001F243160000-0x000001F243170000-memory.dmp

Filesize
64KB

Download
memory/3992-375-0x000001F243150000-0x000001F243160000-memory.dmp

Filesize
64KB

Download
memory/3992-374-0x000001F243140000-0x000001F243150000-memory.dmp

Filesize
64KB

Download
memory/3992-380-0x000001F2431E0000-0x000001F2431F0000-memory.dmp

Filesize
64KB

Download
memory/3992-407-0x000001F2431F0000-0x000001F243200000-memory.dmp

Filesize
64KB

Download
memory/3992-425-0x000001F243170000-0x000001F243180000-memory.dmp

Filesize
64KB

Download
memory/3992-426-0x000001F243200000-0x000001F243210000-memory.dmp

Filesize
64KB

Download
memory/3992-458-0x000001F243180000-0x000001F243190000-memory.dmp

Filesize
64KB

Download
memory/3992-486-0x000001F243210000-0x000001F243220000-memory.dmp

Filesize
64KB

Download
memory/3992-485-0x000001F243190000-0x000001F2431A0000-memory.dmp

Filesize
64KB

Download
memory/3992-505-0x000001F243220000-0x000001F243230000-memory.dmp

Filesize
64KB

Download
memory/3992-504-0x000001F2431A0000-0x000001F2431B0000-memory.dmp

Filesize
64KB

Download
memory/3992-541-0x000001F2431B0000-0x000001F2431C0000-memory.dmp

Filesize
64KB

Download
memory/3992-553-0x000001F2431C0000-0x000001F2431D0000-memory.dmp

Filesize
64KB

Download
memory/3992-554-0x000001F243230000-0x000001F243240000-memory.dmp

Filesize
64KB

Download
memory/3992-560-0x000001F243240000-0x000001F243250000-memory.dmp

Filesize
64KB

Download
memory/3992-559-0x000001F2431D0000-0x000001F2431E0000-memory.dmp

Filesize
64KB

Download
memory/3992-637-0x000001F2431E0000-0x000001F2431F0000-memory.dmp

Filesize
64KB

Download
memory/3992-677-0x000001F2431F0000-0x000001F243200000-memory.dmp

Filesize
64KB

Download
memory/3992-711-0x000001F243200000-0x000001F243210000-memory.dmp

Filesize
64KB

Download
memory/3992-787-0x000001F243250000-0x000001F243260000-memory.dmp

Filesize
64KB

Download
memory/3992-786-0x000001F243210000-0x000001F243220000-memory.dmp

Filesize
64KB

Download
memory/3992-825-0x000001F243220000-0x000001F243230000-memory.dmp

Filesize
64KB

Download
memory/3992-868-0x000001F243260000-0x000001F243270000-memory.dmp

Filesize
64KB

Download
memory/3992-885-0x000001F243270000-0x000001F243280000-memory.dmp

Filesize
64KB

Download
memory/3992-884-0x000001F243230000-0x000001F243240000-memory.dmp

Filesize
64KB

Download
memory/3992-911-0x000001F243280000-0x000001F243290000-memory.dmp

Filesize
64KB

Download
memory/3992-910-0x000001F243240000-0x000001F243250000-memory.dmp

Filesize
64KB

Download
memory/3992-913-0x000001F243290000-0x000001F2432A0000-memory.dmp

Filesize
64KB

Download
memory/3992-918-0x000001F2432A0000-0x000001F2432B0000-memory.dmp

Filesize
64KB

Download
memory/3992-920-0x000001F2432B0000-0x000001F2432C0000-memory.dmp

Filesize
64KB

Download
memory/3992-922-0x000001F2432C0000-0x000001F2432D0000-memory.dmp

Filesize
64KB

Download
memory/3992-924-0x000001F2432D0000-0x000001F2432E0000-memory.dmp

Filesize
64KB

Download
memory/3992-931-0x000001F2432E0000-0x000001F2432F0000-memory.dmp

Filesize
64KB

Download
memory/3992-930-0x000001F243250000-0x000001F243260000-memory.dmp

Filesize
64KB

Download
memory/3992-932-0x000001F2432F0000-0x000001F243300000-memory.dmp

Filesize
64KB

Download
memory/3992-935-0x000001F243300000-0x000001F243310000-memory.dmp

Filesize
64KB

Download
memory/3992-934-0x000001F243260000-0x000001F243270000-memory.dmp

Filesize
64KB

Download
memory/3992-937-0x000001F243270000-0x000001F243280000-memory.dmp

Filesize
64KB

Download
memory/3992-938-0x000001F243310000-0x000001F243320000-memory.dmp

Filesize
64KB

Download
memory/3992-941-0x000001F243280000-0x000001F243290000-memory.dmp

Filesize
64KB

Download
memory/3992-944-0x000001F243290000-0x000001F2432A0000-memory.dmp

Filesize
64KB

Download
memory/3992-943-0x000001F243330000-0x000001F243340000-memory.dmp

Filesize
64KB

Download
memory/3992-942-0x000001F243320000-0x000001F243330000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads