38e4a29ab9f16e4fa94d66b4d4e8f43a24872da912a3bdbd341e0ef21616b576

Resubmissions

12-01-2025 13:59

250112-ran7waxpaj 10

12-01-2025 13:48

250112-q38asavke1 10

12-01-2025 13:44

250112-q114paxlan 10

12-01-2025 13:37

250112-qw2jnaxjcl 10

Analysis

max time kernel
133s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AxoPac/x64/bin/javacpl.exe
Size

68KB
MD5

c2a59c7343d370bc57765896490331e5
SHA1

a50af979e08a65eb370763a7f70cdb0e179d705d
SHA256

40614fe8b91e01ad3562102e440bdbf5fac5d9f7292c6b16a58f723bfffe6066
SHA512

ca266f1b2e51f66d119e2d71e3377c229a3d583853ffb606c101afeb41689ace7d1f1594781091da67f9be9d09f3019bf048c0f819777e8f1827a56beec252c4
SSDEEP

768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javacpl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javaw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1868	javaw.exe
1868	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1868	2220	javacpl.exe	30
PID 2220 wrote to memory of 1868	2220	javacpl.exe	30
PID 2220 wrote to memory of 1868	2220	javacpl.exe	30
PID 2220 wrote to memory of 1868	2220	javacpl.exe	30

C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javacpl.exe
"C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javacpl.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javaw.exe" -Xbootclasspath/a:"C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
3bb8e0bb0efa65bb5a41dd031f1483c5

SHA1
bb58ed3a46c2e851c1c640b03b5acd721a8ab219

SHA256
73d8b83a8b95aa363b087a84904d881e23f7d919013c3f60113f07d787fc4b46

SHA512
4c115723b8259a41b03c7a5dc69f44731023b17ca7a8ea7d5de5c5f3092807c3457a0ae41bfa9366eb021f424be8b7ea363cd8c83d002db0cadc652323b26a2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
f8987cbf700815b025067be369a8642f

SHA1
f4b08c77e138e00d1cfb833781bba343f8d370d9

SHA256
e7fcd9097e8e96e427fc024babc8602a9c3125a28c3f0cda1672133cc468d0be

SHA512
f70da75cf4ce3931332f5a7c51b6185c97e4f7ed48a954d8b54ec22e5796b8fa9a5078a601314effac0735bd068a6dc0bb6b19afc6dc2e94afaa71194ddc8edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar

Filesize
12KB

MD5
a66e19c05f3e0b24ac077a37c2b7589e

SHA1
8b9ad1517985c48c0bd11670fabd3648bac9d1ff

SHA256
9771364d53fa9b1bd14cef7e48be1f5df23b11aac9f5cb6763a4934b3190e126

SHA512
0876a0072ac19f03818a2e5d77cec638470a09e40cd3794d901f1625c3f701f7b37a5cc6e23057a53e62d6e936f5c90bdd4a2c811c64dcfaa20dca5fdf63565f

Download Submit
memory/1868-5-0x0000000002930000-0x0000000002958000-memory.dmp

Filesize
160KB

Download
memory/1868-10-0x0000000002978000-0x0000000002980000-memory.dmp

Filesize
32KB

Download
memory/1868-12-0x0000000002980000-0x0000000002988000-memory.dmp

Filesize
32KB

Download
memory/1868-26-0x00000000029C8000-0x00000000029D0000-memory.dmp

Filesize
32KB

Download
memory/1868-30-0x0000000002970000-0x0000000002978000-memory.dmp

Filesize
32KB

Download
memory/1868-29-0x00000000029D0000-0x00000000029D8000-memory.dmp

Filesize
32KB

Download
memory/1868-28-0x0000000002968000-0x0000000002970000-memory.dmp

Filesize
32KB

Download
memory/1868-33-0x00000000029D8000-0x00000000029E0000-memory.dmp

Filesize
32KB

Download
memory/1868-35-0x00000000029E0000-0x00000000029E8000-memory.dmp

Filesize
32KB

Download
memory/1868-37-0x00000000029E8000-0x00000000029F0000-memory.dmp

Filesize
32KB

Download
memory/1868-44-0x0000000002930000-0x0000000002958000-memory.dmp

Filesize
160KB

Download
memory/1868-43-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/1868-42-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/1868-47-0x00000000029F0000-0x00000000029F8000-memory.dmp

Filesize
32KB

Download
memory/1868-46-0x0000000002978000-0x0000000002980000-memory.dmp

Filesize
32KB

Download
memory/1868-50-0x0000000002980000-0x0000000002988000-memory.dmp

Filesize
32KB

Download
memory/1868-51-0x00000000029F8000-0x0000000002A00000-memory.dmp

Filesize
32KB

Download
memory/1868-57-0x0000000002A00000-0x0000000002A08000-memory.dmp

Filesize
32KB

Download
memory/1868-56-0x00000000029C8000-0x00000000029D0000-memory.dmp

Filesize
32KB

Download
memory/1868-60-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-63-0x0000000002A08000-0x0000000002A10000-memory.dmp

Filesize
32KB

Download
memory/1868-62-0x00000000029D0000-0x00000000029D8000-memory.dmp

Filesize
32KB

Download
memory/1868-61-0x0000000002968000-0x0000000002970000-memory.dmp

Filesize
32KB

Download
memory/1868-70-0x0000000002A10000-0x0000000002A18000-memory.dmp

Filesize
32KB

Download
memory/1868-75-0x0000000002A18000-0x0000000002A20000-memory.dmp

Filesize
32KB

Download
memory/1868-74-0x00000000029D8000-0x00000000029E0000-memory.dmp

Filesize
32KB

Download
memory/1868-79-0x0000000002A20000-0x0000000002A28000-memory.dmp

Filesize
32KB

Download
memory/1868-78-0x00000000029E0000-0x00000000029E8000-memory.dmp

Filesize
32KB

Download
memory/1868-112-0x0000000002A28000-0x0000000002A30000-memory.dmp

Filesize
32KB

Download
memory/1868-111-0x00000000029E8000-0x00000000029F0000-memory.dmp

Filesize
32KB

Download
memory/1868-116-0x0000000002A30000-0x0000000002A38000-memory.dmp

Filesize
32KB

Download
memory/1868-115-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/1868-114-0x0000000000330000-0x000000000033A000-memory.dmp

Filesize
40KB

Download
memory/1868-117-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-122-0x0000000002A38000-0x0000000002A40000-memory.dmp

Filesize
32KB

Download
memory/1868-157-0x00000000029F0000-0x00000000029F8000-memory.dmp

Filesize
32KB

Download
memory/1868-160-0x00000000029F8000-0x0000000002A00000-memory.dmp

Filesize
32KB

Download
memory/1868-162-0x0000000002A00000-0x0000000002A08000-memory.dmp

Filesize
32KB

Download
memory/1868-164-0x0000000002A08000-0x0000000002A10000-memory.dmp

Filesize
32KB

Download
memory/1868-166-0x0000000002A10000-0x0000000002A18000-memory.dmp

Filesize
32KB

Download
memory/1868-167-0x0000000002A18000-0x0000000002A20000-memory.dmp

Filesize
32KB

Download
memory/1868-168-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-170-0x0000000002A20000-0x0000000002A28000-memory.dmp

Filesize
32KB

Download
memory/1868-171-0x0000000002A28000-0x0000000002A30000-memory.dmp

Filesize
32KB

Download
memory/1868-173-0x0000000002A30000-0x0000000002A38000-memory.dmp

Filesize
32KB

Download
memory/1868-174-0x0000000002A38000-0x0000000002A40000-memory.dmp

Filesize
32KB

Download
memory/1868-211-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-221-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-234-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-235-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-246-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1868-254-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download