Analysis Overview
SHA256
11fda4c8a664408e930e07d16cb4a043b5f54a489c12a356a310a074b1222901
Threat Level: Known bad
The file 11fda4c8a664408e930e07d16cb4a043b5f54a489c12a356a310a074b1222901.jar was found to be: Known bad.
Malicious Activity Summary
Adwind family
Class file contains resources related to AdWind
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 02:09
Signatures
Adwind family
Class file contains resources related to AdWind
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 02:09
Reported
2024-11-08 02:12
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\11fda4c8a664408e930e07d16cb4a043b5f54a489c12a356a310a074b1222901.jar
Network
Files
memory/2372-2-0x0000000002560000-0x00000000027D0000-memory.dmp
memory/2372-11-0x0000000000440000-0x0000000000441000-memory.dmp
memory/2372-12-0x0000000002560000-0x00000000027D0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-08 02:09
Reported
2024-11-08 02:12
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
146s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\11fda4c8a664408e930e07d16cb4a043b5f54a489c12a356a310a074b1222901.jar
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/4560-2-0x000002186CC90000-0x000002186CF00000-memory.dmp
memory/4560-21-0x000002186B3F0000-0x000002186B3F1000-memory.dmp
memory/4560-26-0x000002186CC90000-0x000002186CF00000-memory.dmp
memory/4560-29-0x000002186CF00000-0x000002186CF10000-memory.dmp
memory/4560-31-0x000002186CF10000-0x000002186CF20000-memory.dmp
memory/4560-34-0x000002186CF20000-0x000002186CF30000-memory.dmp
memory/4560-37-0x000002186B3F0000-0x000002186B3F1000-memory.dmp
memory/4560-47-0x000002186CF30000-0x000002186CF40000-memory.dmp
memory/4560-48-0x000002186B3F0000-0x000002186B3F1000-memory.dmp
memory/4560-50-0x000002186CF40000-0x000002186CF50000-memory.dmp
memory/4560-55-0x000002186CF50000-0x000002186CF60000-memory.dmp
memory/4560-58-0x000002186CF60000-0x000002186CF70000-memory.dmp
memory/4560-60-0x000002186CF70000-0x000002186CF80000-memory.dmp
memory/4560-62-0x000002186CF80000-0x000002186CF90000-memory.dmp
memory/4560-64-0x000002186CF90000-0x000002186CFA0000-memory.dmp
memory/4560-67-0x000002186CF00000-0x000002186CF10000-memory.dmp
memory/4560-68-0x000002186CFA0000-0x000002186CFB0000-memory.dmp
memory/4560-70-0x000002186CFB0000-0x000002186CFC0000-memory.dmp
memory/4560-69-0x000002186CF10000-0x000002186CF20000-memory.dmp
memory/4560-76-0x000002186CF30000-0x000002186CF40000-memory.dmp
memory/4560-75-0x000002186CFD0000-0x000002186CFE0000-memory.dmp
memory/4560-74-0x000002186CFC0000-0x000002186CFD0000-memory.dmp
memory/4560-73-0x000002186CF20000-0x000002186CF30000-memory.dmp
memory/4560-80-0x000002186CFE0000-0x000002186CFF0000-memory.dmp
memory/4560-79-0x000002186CF40000-0x000002186CF50000-memory.dmp
memory/4560-82-0x000002186CFF0000-0x000002186D000000-memory.dmp
memory/4560-81-0x000002186CF50000-0x000002186CF60000-memory.dmp
memory/4560-85-0x000002186D000000-0x000002186D010000-memory.dmp
memory/4560-84-0x000002186CF60000-0x000002186CF70000-memory.dmp
memory/4560-88-0x000002186D010000-0x000002186D020000-memory.dmp
memory/4560-87-0x000002186CF70000-0x000002186CF80000-memory.dmp
memory/4560-90-0x000002186CF80000-0x000002186CF90000-memory.dmp
memory/4560-91-0x000002186D020000-0x000002186D030000-memory.dmp
memory/4560-94-0x000002186B3F0000-0x000002186B3F1000-memory.dmp
memory/4560-97-0x000002186D030000-0x000002186D040000-memory.dmp
memory/4560-96-0x000002186CF90000-0x000002186CFA0000-memory.dmp
memory/4560-104-0x000002186B3F0000-0x000002186B3F1000-memory.dmp
memory/4560-105-0x000002186B3F0000-0x000002186B3F1000-memory.dmp
memory/4560-106-0x000002186CC90000-0x000002186CF00000-memory.dmp
memory/4560-123-0x000002186D030000-0x000002186D040000-memory.dmp
memory/4560-122-0x000002186D020000-0x000002186D030000-memory.dmp
memory/4560-121-0x000002186D010000-0x000002186D020000-memory.dmp
memory/4560-120-0x000002186D000000-0x000002186D010000-memory.dmp
memory/4560-119-0x000002186CFF0000-0x000002186D000000-memory.dmp
memory/4560-118-0x000002186CFE0000-0x000002186CFF0000-memory.dmp
memory/4560-117-0x000002186CFD0000-0x000002186CFE0000-memory.dmp
memory/4560-116-0x000002186CFC0000-0x000002186CFD0000-memory.dmp
memory/4560-115-0x000002186CFB0000-0x000002186CFC0000-memory.dmp
memory/4560-114-0x000002186CFA0000-0x000002186CFB0000-memory.dmp
memory/4560-107-0x000002186CF00000-0x000002186CF10000-memory.dmp
memory/4560-113-0x000002186CF80000-0x000002186CF90000-memory.dmp
memory/4560-112-0x000002186CF60000-0x000002186CF70000-memory.dmp
memory/4560-111-0x000002186CF50000-0x000002186CF60000-memory.dmp
memory/4560-110-0x000002186CF40000-0x000002186CF50000-memory.dmp
memory/4560-109-0x000002186CF20000-0x000002186CF30000-memory.dmp
memory/4560-108-0x000002186CF10000-0x000002186CF20000-memory.dmp