Analysis
-
max time kernel
96s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09/11/2024, 11:26
Static task
static1
Behavioral task
behavioral1
Sample
c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe
Resource
win10v2004-20241007-en
General
-
Target
c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe
-
Size
1.7MB
-
MD5
6a0206c1b70c4fa4dcbee86c5abe137e
-
SHA1
37d03b61b8778921ef353567c61782eabdc74e7c
-
SHA256
c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47
-
SHA512
03d5eb7e4eed75b7dca0dd849698140c5b568361a3ab4fb020a0803100ddd68c9f76cc6060e5cacf5f596990c9140c13e1de865fc48ff47da97ce6c472b9e4e0
-
SSDEEP
24576:RWd7S8NK3oYLkTcDvebZI7LrS/85RkVt7jANyBo4kx929bL3Hnx:RKxNuLkTcKb4rSUfkVFjzB+kn3Hnx
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2204 javaws.exe 2204 javaws.exe 4992 jp2launcher.exe 4992 jp2launcher.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 4992 jp2launcher.exe 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3564 wrote to memory of 2204 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe 84 PID 3564 wrote to memory of 2204 3564 c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe 84 PID 2204 wrote to memory of 4992 2204 javaws.exe 85 PID 2204 wrote to memory of 4992 2204 javaws.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe"C:\Users\Admin\AppData\Local\Temp\c369033d47f6a99b0b39c7da4c330a9f80df2e36f6a72cab83c3e92176e37c47.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3564 -
C:\Program Files\Java\jre-1.8\bin\javaws.exe"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -J-Djdk.disableLastUsageTracking=true -SSVBaselineUpdate2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamRrLmRpc2FibGVMYXN0VXNhZ2VUcmFja2luZz10cnVlAC1Eam5scHguanZtPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGJpblxqYXZhdy5leGUALURqbmxweC52bWFyZ3M9TFVScVpHc3VaR2x6WVdKc1pVeGhjM1JWYzJGblpWUnlZV05yYVc1blBYUnlkV1VB -ma LVNTVkJhc2VsaW5lVXBkYXRlAC1ub3RXZWJKYXZh3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4992
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
896B
MD5b574c8eb2c8d32ac9bb025eeac709764
SHA165f6fd5bc9b812685f33c8d4922db8d5e24240dc
SHA2569d383c4efe7fcb70242f9df39c1cc1dda9e10c37b82fe38a5ea4c87257f904f4
SHA512323588495531a35e7f2b2f8fcef43dd61973654ab006e16fad1b540ebe16f60ca0923d0b9f7c5429a887195ba4a90c953d0a5bb31f4ed4e1e746054ecc5453c2
-
Filesize
12KB
MD5a66e19c05f3e0b24ac077a37c2b7589e
SHA18b9ad1517985c48c0bd11670fabd3648bac9d1ff
SHA2569771364d53fa9b1bd14cef7e48be1f5df23b11aac9f5cb6763a4934b3190e126
SHA5120876a0072ac19f03818a2e5d77cec638470a09e40cd3794d901f1625c3f701f7b37a5cc6e23057a53e62d6e936f5c90bdd4a2c811c64dcfaa20dca5fdf63565f
-
Filesize
164KB
MD5bd93d3df0d25ea55f32cdd7d20d283eb
SHA1ecdd029047dd72565c7eadb3433aa83d0a93e9c5
SHA256baca766858b928817346c41126ff18d2df57d0c0ba052bf8e1fd0cbee3856a09
SHA512d70056d71fcfe38be16da88a113a94718b738a515554bca9288edc911f895281279c997d4eed29659cd2f1f66f9955c5c759baea8e15a65dcae321a33d14b88a