7237c1f01b83342db06fae7e57e574d3566a2cea0f7af7137e12ad2dccd3ebe0

Analysis

max time kernel
595s
max time network
448s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre/bin/javacpl.exe
Size

68KB
MD5

c2a59c7343d370bc57765896490331e5
SHA1

a50af979e08a65eb370763a7f70cdb0e179d705d
SHA256

40614fe8b91e01ad3562102e440bdbf5fac5d9f7292c6b16a58f723bfffe6066
SHA512

ca266f1b2e51f66d119e2d71e3377c229a3d583853ffb606c101afeb41689ace7d1f1594781091da67f9be9d09f3019bf048c0f819777e8f1827a56beec252c4
SSDEEP

768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javacpl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javaw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3232	javaw.exe
3232	javaw.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 3232	4664	javacpl.exe	81
PID 4664 wrote to memory of 3232	4664	javacpl.exe	81
PID 4664 wrote to memory of 3232	4664	javacpl.exe	81

C:\Users\Admin\AppData\Local\Temp\jre\bin\javacpl.exe
"C:\Users\Admin\AppData\Local\Temp\jre\bin\javacpl.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Users\Admin\AppData\Local\Temp\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\jre\bin\javaw.exe" -Xbootclasspath/a:"C:\Users\Admin\AppData\Local\Temp\jre\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
c3b1e448a317ab31d21e9b4ee72672d9

SHA1
855010382bbcfef4d0540bf4850fd451ececc0f2

SHA256
c2e91bce5191882dd3689dc3546bb821c506af1deec3ba76abbf117d82e68665

SHA512
032fc22d9738a85db9875af31366e74ceeff6ca2d847d35aaed9ebce2822f3a5eeab09eca82566c455b41697508e81c5869cfab0540f41fb849562e08094d05e

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
cc773d992710064462bd3734feb43d0c

SHA1
2cda05c664d444262b3d5f5cbaa046a879c5734b

SHA256
f3e9d64edcc961b77849aa134d836b44aa1d274a334879ead7bfeb85e472ce83

SHA512
e2020746ae035fa06d31bcaa783c934dd00d981767b625ba736dfd35702908404355ffaec3c770208dadc87371a184d22ed9855de0c913dec58f56530f3aaef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar

Filesize
12KB

MD5
a66e19c05f3e0b24ac077a37c2b7589e

SHA1
8b9ad1517985c48c0bd11670fabd3648bac9d1ff

SHA256
9771364d53fa9b1bd14cef7e48be1f5df23b11aac9f5cb6763a4934b3190e126

SHA512
0876a0072ac19f03818a2e5d77cec638470a09e40cd3794d901f1625c3f701f7b37a5cc6e23057a53e62d6e936f5c90bdd4a2c811c64dcfaa20dca5fdf63565f

Download Submit
memory/3232-189-0x00000000030B0000-0x00000000030B8000-memory.dmp

Filesize
32KB

Download
memory/3232-286-0x0000000003148000-0x0000000003150000-memory.dmp

Filesize
32KB

Download
memory/3232-29-0x0000000002FB8000-0x0000000002FC0000-memory.dmp

Filesize
32KB

Download
memory/3232-193-0x00000000030D0000-0x00000000030D8000-memory.dmp

Filesize
32KB

Download
memory/3232-33-0x0000000003028000-0x0000000003030000-memory.dmp

Filesize
32KB

Download
memory/3232-35-0x0000000003030000-0x0000000003038000-memory.dmp

Filesize
32KB

Download
memory/3232-37-0x0000000003038000-0x0000000003040000-memory.dmp

Filesize
32KB

Download
memory/3232-43-0x0000000003040000-0x0000000003048000-memory.dmp

Filesize
32KB

Download
memory/3232-46-0x0000000003048000-0x0000000003050000-memory.dmp

Filesize
32KB

Download
memory/3232-52-0x0000000003050000-0x0000000003058000-memory.dmp

Filesize
32KB

Download
memory/3232-51-0x0000000002F80000-0x0000000002FA8000-memory.dmp

Filesize
160KB

Download
memory/3232-56-0x0000000003058000-0x0000000003060000-memory.dmp

Filesize
32KB

Download
memory/3232-55-0x0000000002FC8000-0x0000000002FD0000-memory.dmp

Filesize
32KB

Download
memory/3232-57-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-63-0x0000000003060000-0x0000000003068000-memory.dmp

Filesize
32KB

Download
memory/3232-62-0x0000000002FD0000-0x0000000002FD8000-memory.dmp

Filesize
32KB

Download
memory/3232-67-0x0000000002FB8000-0x0000000002FC0000-memory.dmp

Filesize
32KB

Download
memory/3232-68-0x0000000003068000-0x0000000003070000-memory.dmp

Filesize
32KB

Download
memory/3232-66-0x0000000003020000-0x0000000003028000-memory.dmp

Filesize
32KB

Download
memory/3232-72-0x0000000003070000-0x0000000003078000-memory.dmp

Filesize
32KB

Download
memory/3232-31-0x0000000002FC0000-0x0000000002FC8000-memory.dmp

Filesize
32KB

Download
memory/3232-83-0x0000000003078000-0x0000000003080000-memory.dmp

Filesize
32KB

Download
memory/3232-82-0x0000000003028000-0x0000000003030000-memory.dmp

Filesize
32KB

Download
memory/3232-108-0x0000000003080000-0x0000000003088000-memory.dmp

Filesize
32KB

Download
memory/3232-107-0x0000000003030000-0x0000000003038000-memory.dmp

Filesize
32KB

Download
memory/3232-111-0x0000000003088000-0x0000000003090000-memory.dmp

Filesize
32KB

Download
memory/3232-110-0x0000000003038000-0x0000000003040000-memory.dmp

Filesize
32KB

Download
memory/3232-112-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-118-0x0000000003090000-0x0000000003098000-memory.dmp

Filesize
32KB

Download
memory/3232-117-0x0000000003040000-0x0000000003048000-memory.dmp

Filesize
32KB

Download
memory/3232-12-0x0000000002FD0000-0x0000000002FD8000-memory.dmp

Filesize
32KB

Download
memory/3232-149-0x0000000003048000-0x0000000003050000-memory.dmp

Filesize
32KB

Download
memory/3232-150-0x0000000003098000-0x00000000030A0000-memory.dmp

Filesize
32KB

Download
memory/3232-154-0x00000000030A0000-0x00000000030A8000-memory.dmp

Filesize
32KB

Download
memory/3232-153-0x0000000003050000-0x0000000003058000-memory.dmp

Filesize
32KB

Download
memory/3232-158-0x0000000003058000-0x0000000003060000-memory.dmp

Filesize
32KB

Download
memory/3232-160-0x0000000003060000-0x0000000003068000-memory.dmp

Filesize
32KB

Download
memory/3232-163-0x0000000003068000-0x0000000003070000-memory.dmp

Filesize
32KB

Download
memory/3232-164-0x0000000003070000-0x0000000003078000-memory.dmp

Filesize
32KB

Download
memory/3232-167-0x00000000030A8000-0x00000000030B0000-memory.dmp

Filesize
32KB

Download
memory/3232-166-0x0000000003078000-0x0000000003080000-memory.dmp

Filesize
32KB

Download
memory/3232-168-0x0000000003080000-0x0000000003088000-memory.dmp

Filesize
32KB

Download
memory/3232-169-0x0000000003088000-0x0000000003090000-memory.dmp

Filesize
32KB

Download
memory/3232-172-0x0000000003090000-0x0000000003098000-memory.dmp

Filesize
32KB

Download
memory/3232-173-0x00000000030B0000-0x00000000030B8000-memory.dmp

Filesize
32KB

Download
memory/3232-175-0x0000000003098000-0x00000000030A0000-memory.dmp

Filesize
32KB

Download
memory/3232-176-0x00000000030A0000-0x00000000030A8000-memory.dmp

Filesize
32KB

Download
memory/3232-180-0x00000000030B8000-0x00000000030C0000-memory.dmp

Filesize
32KB

Download
memory/3232-184-0x00000000030C0000-0x00000000030C8000-memory.dmp

Filesize
32KB

Download
memory/3232-183-0x00000000030A8000-0x00000000030B0000-memory.dmp

Filesize
32KB

Download
memory/3232-187-0x00000000030C8000-0x00000000030D0000-memory.dmp

Filesize
32KB

Download
memory/3232-5-0x0000000002F80000-0x0000000002FA8000-memory.dmp

Filesize
160KB

Download
memory/3232-28-0x0000000003020000-0x0000000003028000-memory.dmp

Filesize
32KB

Download
memory/3232-30-0x0000000003018000-0x0000000003020000-memory.dmp

Filesize
32KB

Download
memory/3232-272-0x0000000003120000-0x0000000003128000-memory.dmp

Filesize
32KB

Download
memory/3232-198-0x00000000030D8000-0x00000000030E0000-memory.dmp

Filesize
32KB

Download
memory/3232-201-0x00000000030E0000-0x00000000030E8000-memory.dmp

Filesize
32KB

Download
memory/3232-200-0x00000000030C8000-0x00000000030D0000-memory.dmp

Filesize
32KB

Download
memory/3232-204-0x00000000030D0000-0x00000000030D8000-memory.dmp

Filesize
32KB

Download
memory/3232-206-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-208-0x00000000030E8000-0x00000000030F0000-memory.dmp

Filesize
32KB

Download
memory/3232-210-0x00000000030F0000-0x00000000030F8000-memory.dmp

Filesize
32KB

Download
memory/3232-212-0x00000000030F8000-0x0000000003100000-memory.dmp

Filesize
32KB

Download
memory/3232-216-0x00000000030D8000-0x00000000030E0000-memory.dmp

Filesize
32KB

Download
memory/3232-217-0x0000000003100000-0x0000000003108000-memory.dmp

Filesize
32KB

Download
memory/3232-219-0x0000000003108000-0x0000000003110000-memory.dmp

Filesize
32KB

Download
memory/3232-218-0x00000000030E0000-0x00000000030E8000-memory.dmp

Filesize
32KB

Download
memory/3232-221-0x0000000003110000-0x0000000003118000-memory.dmp

Filesize
32KB

Download
memory/3232-223-0x0000000003118000-0x0000000003120000-memory.dmp

Filesize
32KB

Download
memory/3232-225-0x0000000003120000-0x0000000003128000-memory.dmp

Filesize
32KB

Download
memory/3232-226-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-229-0x0000000003128000-0x0000000003130000-memory.dmp

Filesize
32KB

Download
memory/3232-231-0x0000000003130000-0x0000000003138000-memory.dmp

Filesize
32KB

Download
memory/3232-234-0x0000000003138000-0x0000000003140000-memory.dmp

Filesize
32KB

Download
memory/3232-233-0x00000000030E8000-0x00000000030F0000-memory.dmp

Filesize
32KB

Download
memory/3232-236-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-246-0x0000000003140000-0x0000000003148000-memory.dmp

Filesize
32KB

Download
memory/3232-245-0x00000000030F0000-0x00000000030F8000-memory.dmp

Filesize
32KB

Download
memory/3232-247-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-9-0x0000000002FC8000-0x0000000002FD0000-memory.dmp

Filesize
32KB

Download
memory/3232-263-0x00000000030F8000-0x0000000003100000-memory.dmp

Filesize
32KB

Download
memory/3232-264-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-265-0x0000000003100000-0x0000000003108000-memory.dmp

Filesize
32KB

Download
memory/3232-266-0x0000000003148000-0x0000000003150000-memory.dmp

Filesize
32KB

Download
memory/3232-267-0x0000000003108000-0x0000000003110000-memory.dmp

Filesize
32KB

Download
memory/3232-268-0x0000000003110000-0x0000000003118000-memory.dmp

Filesize
32KB

Download
memory/3232-270-0x0000000003118000-0x0000000003120000-memory.dmp

Filesize
32KB

Download
memory/3232-196-0x00000000030C0000-0x00000000030C8000-memory.dmp

Filesize
32KB

Download
memory/3232-273-0x0000000003150000-0x0000000003158000-memory.dmp

Filesize
32KB

Download
memory/3232-276-0x0000000003158000-0x0000000003160000-memory.dmp

Filesize
32KB

Download
memory/3232-275-0x0000000003128000-0x0000000003130000-memory.dmp

Filesize
32KB

Download
memory/3232-277-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-278-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-280-0x0000000003130000-0x0000000003138000-memory.dmp

Filesize
32KB

Download
memory/3232-281-0x0000000003160000-0x0000000003168000-memory.dmp

Filesize
32KB

Download
memory/3232-283-0x0000000003138000-0x0000000003140000-memory.dmp

Filesize
32KB

Download
memory/3232-285-0x0000000003140000-0x0000000003148000-memory.dmp

Filesize
32KB

Download
memory/3232-195-0x00000000030B8000-0x00000000030C0000-memory.dmp

Filesize
32KB

Download
memory/3232-291-0x0000000003168000-0x0000000003170000-memory.dmp

Filesize
32KB

Download
memory/3232-295-0x0000000003150000-0x0000000003158000-memory.dmp

Filesize
32KB

Download
memory/3232-296-0x0000000003170000-0x0000000003178000-memory.dmp

Filesize
32KB

Download
memory/3232-297-0x0000000003158000-0x0000000003160000-memory.dmp

Filesize
32KB

Download
memory/3232-299-0x0000000003160000-0x0000000003168000-memory.dmp

Filesize
32KB

Download
memory/3232-301-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-306-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/3232-309-0x0000000003168000-0x0000000003170000-memory.dmp

Filesize
32KB

Download
memory/3232-311-0x0000000003170000-0x0000000003178000-memory.dmp

Filesize
32KB

Download