Overview

overview

1

Static

static

1

DarkKore-0....4.jar

windows10-2004-x64

1

Resubmissions

07/01/2025, 17:56 UTC

250107-wh19matmcm 1

07/01/2025, 15:17 UTC

250107-sn7rtawpdt 10

Analysis

  • max time kernel
    25s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2025, 17:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DarkKore-0.3.5-1.19.4.jar

  • Size

    698KB

  • MD5

    c218f4858e4f2a42d595c744c8e92127

  • SHA1

    dac64cfeeacbfc85ed75f9300b56e6f62b563db4

  • SHA256

    f1488d8b97d30fc8fbfa1b2e6718f3ffe80b48231e3cf1fd59f589c801874937

  • SHA512

    d5e6e3a3c6d59a37311bc11fe95e08e5e399dce6c756a78df857898a9f1dad85404a8ae30892786c507ebd8a4779f3889e263362eebd4b18adc90c7797083a07

  • SSDEEP

    12288:tsAJ1NKNaiYtgUjngvaFgvKNwUuAtd8hbvdKnSX3jgBv66FzWoep:tsAJs8X7FgqoAtdOx7T466Yoep

Score
1/10

Malware Config

Signatures

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\DarkKore-0.3.5-1.19.4.jar
    1⤵
      PID:2684
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4376
      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\yet-another-config-lib-fabric-3.1.1+1.19.4.jar"
        1⤵
          PID:3176
        • C:\Program Files\Java\jre-1.8\bin\javaw.exe
          "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\yet-another-config-lib-fabric-3.1.1+1.19.4.jar"
          1⤵
            PID:3304
          • C:\Program Files\Java\jre-1.8\bin\javaw.exe
            "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Zoomify-2.9.4.jar"
            1⤵
              PID:3160
            • C:\Program Files\Java\jre-1.8\bin\javaw.exe
              "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Xaeros_Minimap_24.2.0_Fabric_1.19.4.jar"
              1⤵
                PID:2900

              Network

              • flag-us
                DNS
                8.8.8.8.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                8.8.8.8.in-addr.arpa
                IN PTR
                Response
                8.8.8.8.in-addr.arpa
                IN PTR
                dnsgoogle
              • flag-us
                DNS
                13.86.106.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                13.86.106.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                14.160.190.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                14.160.190.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                8.153.16.2.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                8.153.16.2.in-addr.arpa
                IN PTR
                Response
                8.153.16.2.in-addr.arpa
                IN PTR
                a2-16-153-8deploystaticakamaitechnologiescom
              • flag-us
                DNS
                95.221.229.192.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.221.229.192.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                149.220.183.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                149.220.183.52.in-addr.arpa
                IN PTR
                Response
              No results found
              • 8.8.8.8:53
                8.8.8.8.in-addr.arpa
                dns
                66 B
                 90 B
                 1
                1

                DNS Request

                8.8.8.8.in-addr.arpa

              • 8.8.8.8:53
                13.86.106.20.in-addr.arpa
                dns
                71 B
                 157 B
                 1
                1

                DNS Request

                13.86.106.20.in-addr.arpa

              • 8.8.8.8:53
                14.160.190.20.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                14.160.190.20.in-addr.arpa

              • 8.8.8.8:53
                8.153.16.2.in-addr.arpa
                dns
                69 B
                 131 B
                 1
                1

                DNS Request

                8.153.16.2.in-addr.arpa

              • 8.8.8.8:53
                95.221.229.192.in-addr.arpa
                dns
                73 B
                 144 B
                 1
                1

                DNS Request

                95.221.229.192.in-addr.arpa

              • 8.8.8.8:53
                149.220.183.52.in-addr.arpa
                dns
                73 B
                 147 B
                 1
                1

                DNS Request

                149.220.183.52.in-addr.arpa

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                Filesize

                46B

                MD5

                0e3a6bbcd3ef6454821ac6b49034363e

                SHA1

                7729ee12951c0ef82b8671431029142707d1f2b6

                SHA256

                12f2eb08d58de0a29f6f81a25ae4f4fb774e97460c96f4544c09cfb8bb22f6e9

                SHA512

                5ee997c37cf6c94e16889ba985417a03ade643998717e9e9366f9724eb2887503021cdb2dcffc46a225e0ed85b04ca6bbc60c473c58f094df95a65534cd9e195

                Download Submit

              • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                Filesize

                46B

                MD5

                975b15480260a777dfd51002e45bfede

                SHA1

                e8bab8cc58c0f53adc536129fdc73e9c325a4c1d

                SHA256

                f7dff877887c0993e70fe395a5648dd26608cd778a584a3af040fc9f976c019e

                SHA512

                98460a4655e7f4b2aba57d35732e3e04c93a9a8f2e5e62cca49f4508b819f79d475a4f2f5d5a40d7e137bb70fc903054e5b072453156274e41aa06675f71b68a

                Download Submit

              • memory/2684-2-0x00000229AEB60000-0x00000229AEDD0000-memory.dmp

                Filesize

                2.4MB

                Download

              • memory/2684-11-0x00000229AD0F0000-0x00000229AD0F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2684-12-0x00000229AEB60000-0x00000229AEDD0000-memory.dmp

                Filesize

                2.4MB

                Download

              • memory/2900-62-0x000002E3D79A0000-0x000002E3D79A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3160-50-0x000001EF7FD70000-0x000001EF7FD71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3176-15-0x00000191AE010000-0x00000191AE280000-memory.dmp

                Filesize

                2.4MB

                Download

              • memory/3176-27-0x00000191ADFF0000-0x00000191ADFF1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3176-28-0x00000191AE010000-0x00000191AE280000-memory.dmp

                Filesize

                2.4MB

                Download

              • memory/3304-38-0x000001C3220E0000-0x000001C3220E1000-memory.dmp

                Filesize

                4KB

                Download

              We care about your privacy.

              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.