38e4a29ab9f16e4fa94d66b4d4e8f43a24872da912a3bdbd341e0ef21616b576

Resubmissions

12-01-2025 13:59

250112-ran7waxpaj 10

12-01-2025 13:48

250112-q38asavke1 10

12-01-2025 13:44

250112-q114paxlan 10

12-01-2025 13:37

250112-qw2jnaxjcl 10

Analysis

max time kernel
144s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AxoPac/x64/bin/javacpl.exe
Size

68KB
MD5

c2a59c7343d370bc57765896490331e5
SHA1

a50af979e08a65eb370763a7f70cdb0e179d705d
SHA256

40614fe8b91e01ad3562102e440bdbf5fac5d9f7292c6b16a58f723bfffe6066
SHA512

ca266f1b2e51f66d119e2d71e3377c229a3d583853ffb606c101afeb41689ace7d1f1594781091da67f9be9d09f3019bf048c0f819777e8f1827a56beec252c4
SSDEEP

768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javaw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javacpl.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3476	javaw.exe
3476	javaw.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 3476	1144	javacpl.exe	82
PID 1144 wrote to memory of 3476	1144	javacpl.exe	82
PID 1144 wrote to memory of 3476	1144	javacpl.exe	82

C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javacpl.exe
"C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javacpl.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\javaw.exe" -Xbootclasspath/a:"C:\Users\Admin\AppData\Local\Temp\AxoPac\x64\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
79dd371acb43b95c1a850a39d8a21368

SHA1
38f47f897ae50388ede86013922efd5622f30dea

SHA256
758ed063f6024cf59c7fb27f6a8c1b2e94014c761b46ef4a11e99e5f54dfb6e9

SHA512
011685c20461d7f7829780f9892c7f60a091a78ed318b3aef22b3a91c78bb375deabeb8fda55a7390457da6169b78fa5aa4188ca81c22044e666a773a4368e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
d836dba58a8cdf8868df0ea9e57814fd

SHA1
9e6f555b228962d511c9fec8ba3ae2f22e28b953

SHA256
9b0e6188e0a3b57cfb89549d358bdb79f3df37c52512830a62177f56b38f082d

SHA512
0fdabc733e6935acaae35947083be839784c470d30002cc3bb686a11d5e705c4117be9931995f5b9458a28f6ef3ac7ef4a67d2069e0176a371ce60686c3208bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar

Filesize
12KB

MD5
a66e19c05f3e0b24ac077a37c2b7589e

SHA1
8b9ad1517985c48c0bd11670fabd3648bac9d1ff

SHA256
9771364d53fa9b1bd14cef7e48be1f5df23b11aac9f5cb6763a4934b3190e126

SHA512
0876a0072ac19f03818a2e5d77cec638470a09e40cd3794d901f1625c3f701f7b37a5cc6e23057a53e62d6e936f5c90bdd4a2c811c64dcfaa20dca5fdf63565f

Download Submit
memory/3476-5-0x0000000002C40000-0x0000000002C68000-memory.dmp

Filesize
160KB

Download
memory/3476-11-0x0000000002C88000-0x0000000002C90000-memory.dmp

Filesize
32KB

Download
memory/3476-12-0x0000000002C90000-0x0000000002C98000-memory.dmp

Filesize
32KB

Download
memory/3476-28-0x0000000002CE0000-0x0000000002CE8000-memory.dmp

Filesize
32KB

Download
memory/3476-32-0x0000000002CE8000-0x0000000002CF0000-memory.dmp

Filesize
32KB

Download
memory/3476-31-0x0000000002C80000-0x0000000002C88000-memory.dmp

Filesize
32KB

Download
memory/3476-30-0x0000000002CD8000-0x0000000002CE0000-memory.dmp

Filesize
32KB

Download
memory/3476-29-0x0000000002C78000-0x0000000002C80000-memory.dmp

Filesize
32KB

Download
memory/3476-35-0x0000000002CF0000-0x0000000002CF8000-memory.dmp

Filesize
32KB

Download
memory/3476-37-0x0000000002CF8000-0x0000000002D00000-memory.dmp

Filesize
32KB

Download
memory/3476-43-0x0000000002D00000-0x0000000002D08000-memory.dmp

Filesize
32KB

Download
memory/3476-46-0x0000000002D08000-0x0000000002D10000-memory.dmp

Filesize
32KB

Download
memory/3476-51-0x0000000002D10000-0x0000000002D18000-memory.dmp

Filesize
32KB

Download
memory/3476-54-0x0000000002C40000-0x0000000002C68000-memory.dmp

Filesize
160KB

Download
memory/3476-55-0x0000000002D18000-0x0000000002D20000-memory.dmp

Filesize
32KB

Download
memory/3476-56-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-61-0x0000000002D20000-0x0000000002D28000-memory.dmp

Filesize
32KB

Download
memory/3476-60-0x0000000002C88000-0x0000000002C90000-memory.dmp

Filesize
32KB

Download
memory/3476-65-0x0000000002D28000-0x0000000002D30000-memory.dmp

Filesize
32KB

Download
memory/3476-64-0x0000000002C90000-0x0000000002C98000-memory.dmp

Filesize
32KB

Download
memory/3476-72-0x0000000002D30000-0x0000000002D38000-memory.dmp

Filesize
32KB

Download
memory/3476-71-0x0000000002CE8000-0x0000000002CF0000-memory.dmp

Filesize
32KB

Download
memory/3476-70-0x0000000002C78000-0x0000000002C80000-memory.dmp

Filesize
32KB

Download
memory/3476-69-0x0000000002CE0000-0x0000000002CE8000-memory.dmp

Filesize
32KB

Download
memory/3476-82-0x0000000002D38000-0x0000000002D40000-memory.dmp

Filesize
32KB

Download
memory/3476-107-0x0000000002D40000-0x0000000002D48000-memory.dmp

Filesize
32KB

Download
memory/3476-106-0x0000000002CF0000-0x0000000002CF8000-memory.dmp

Filesize
32KB

Download
memory/3476-111-0x0000000002D48000-0x0000000002D50000-memory.dmp

Filesize
32KB

Download
memory/3476-110-0x0000000002CF8000-0x0000000002D00000-memory.dmp

Filesize
32KB

Download
memory/3476-109-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-117-0x0000000002D50000-0x0000000002D58000-memory.dmp

Filesize
32KB

Download
memory/3476-116-0x0000000002D00000-0x0000000002D08000-memory.dmp

Filesize
32KB

Download
memory/3476-147-0x0000000002D08000-0x0000000002D10000-memory.dmp

Filesize
32KB

Download
memory/3476-149-0x0000000002D58000-0x0000000002D60000-memory.dmp

Filesize
32KB

Download
memory/3476-153-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-156-0x0000000002D60000-0x0000000002D68000-memory.dmp

Filesize
32KB

Download
memory/3476-155-0x0000000002D10000-0x0000000002D18000-memory.dmp

Filesize
32KB

Download
memory/3476-157-0x0000000002D18000-0x0000000002D20000-memory.dmp

Filesize
32KB

Download
memory/3476-158-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-159-0x0000000002D20000-0x0000000002D28000-memory.dmp

Filesize
32KB

Download
memory/3476-162-0x0000000002D28000-0x0000000002D30000-memory.dmp

Filesize
32KB

Download
memory/3476-164-0x0000000002D30000-0x0000000002D38000-memory.dmp

Filesize
32KB

Download
memory/3476-165-0x0000000002D68000-0x0000000002D70000-memory.dmp

Filesize
32KB

Download
memory/3476-166-0x0000000002D38000-0x0000000002D40000-memory.dmp

Filesize
32KB

Download
memory/3476-167-0x0000000002D40000-0x0000000002D48000-memory.dmp

Filesize
32KB

Download
memory/3476-168-0x0000000002D48000-0x0000000002D50000-memory.dmp

Filesize
32KB

Download
memory/3476-170-0x0000000002D50000-0x0000000002D58000-memory.dmp

Filesize
32KB

Download
memory/3476-171-0x0000000002D70000-0x0000000002D78000-memory.dmp

Filesize
32KB

Download
memory/3476-172-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-173-0x0000000002D58000-0x0000000002D60000-memory.dmp

Filesize
32KB

Download
memory/3476-174-0x0000000002D60000-0x0000000002D68000-memory.dmp

Filesize
32KB

Download
memory/3476-178-0x0000000002D78000-0x0000000002D80000-memory.dmp

Filesize
32KB

Download
memory/3476-180-0x0000000002D68000-0x0000000002D70000-memory.dmp

Filesize
32KB

Download
memory/3476-182-0x0000000002D80000-0x0000000002D88000-memory.dmp

Filesize
32KB

Download
memory/3476-183-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-185-0x0000000002D88000-0x0000000002D90000-memory.dmp

Filesize
32KB

Download
memory/3476-187-0x0000000002D70000-0x0000000002D78000-memory.dmp

Filesize
32KB

Download
memory/3476-192-0x0000000002D90000-0x0000000002D98000-memory.dmp

Filesize
32KB

Download
memory/3476-193-0x0000000002D78000-0x0000000002D80000-memory.dmp

Filesize
32KB

Download
memory/3476-195-0x0000000002D80000-0x0000000002D88000-memory.dmp

Filesize
32KB

Download
memory/3476-197-0x0000000002D88000-0x0000000002D90000-memory.dmp

Filesize
32KB

Download
memory/3476-198-0x0000000002D98000-0x0000000002DA0000-memory.dmp

Filesize
32KB

Download
memory/3476-201-0x0000000002DA0000-0x0000000002DA8000-memory.dmp

Filesize
32KB

Download
memory/3476-204-0x0000000002D90000-0x0000000002D98000-memory.dmp

Filesize
32KB

Download
memory/3476-205-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-208-0x0000000002DA8000-0x0000000002DB0000-memory.dmp

Filesize
32KB

Download
memory/3476-210-0x0000000002DB0000-0x0000000002DB8000-memory.dmp

Filesize
32KB

Download
memory/3476-213-0x0000000002DB8000-0x0000000002DC0000-memory.dmp

Filesize
32KB

Download
memory/3476-212-0x0000000002D98000-0x0000000002DA0000-memory.dmp

Filesize
32KB

Download
memory/3476-215-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-218-0x0000000002DC0000-0x0000000002DC8000-memory.dmp

Filesize
32KB

Download
memory/3476-217-0x0000000002DA0000-0x0000000002DA8000-memory.dmp

Filesize
32KB

Download
memory/3476-219-0x0000000002DC8000-0x0000000002DD0000-memory.dmp

Filesize
32KB

Download
memory/3476-221-0x0000000002DD0000-0x0000000002DD8000-memory.dmp

Filesize
32KB

Download
memory/3476-223-0x0000000002DD8000-0x0000000002DE0000-memory.dmp

Filesize
32KB

Download
memory/3476-225-0x0000000002DE0000-0x0000000002DE8000-memory.dmp

Filesize
32KB

Download
memory/3476-227-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-229-0x0000000002DE8000-0x0000000002DF0000-memory.dmp

Filesize
32KB

Download
memory/3476-231-0x0000000002DF0000-0x0000000002DF8000-memory.dmp

Filesize
32KB

Download
memory/3476-234-0x0000000002DF8000-0x0000000002E00000-memory.dmp

Filesize
32KB

Download
memory/3476-233-0x0000000002DA8000-0x0000000002DB0000-memory.dmp

Filesize
32KB

Download
memory/3476-236-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-237-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-242-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-247-0x0000000002E00000-0x0000000002E08000-memory.dmp

Filesize
32KB

Download
memory/3476-246-0x0000000002DB0000-0x0000000002DB8000-memory.dmp

Filesize
32KB

Download
memory/3476-262-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-263-0x0000000002DB8000-0x0000000002DC0000-memory.dmp

Filesize
32KB

Download
memory/3476-265-0x0000000002DC0000-0x0000000002DC8000-memory.dmp

Filesize
32KB

Download
memory/3476-266-0x0000000002E08000-0x0000000002E10000-memory.dmp

Filesize
32KB

Download
memory/3476-268-0x0000000002DC8000-0x0000000002DD0000-memory.dmp

Filesize
32KB

Download
memory/3476-269-0x0000000002DD0000-0x0000000002DD8000-memory.dmp

Filesize
32KB

Download
memory/3476-272-0x0000000002E10000-0x0000000002E18000-memory.dmp

Filesize
32KB

Download
memory/3476-271-0x0000000002DD8000-0x0000000002DE0000-memory.dmp

Filesize
32KB

Download
memory/3476-276-0x0000000002E18000-0x0000000002E20000-memory.dmp

Filesize
32KB

Download
memory/3476-275-0x0000000002DE0000-0x0000000002DE8000-memory.dmp

Filesize
32KB

Download
memory/3476-277-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-279-0x0000000002DE8000-0x0000000002DF0000-memory.dmp

Filesize
32KB

Download
memory/3476-283-0x0000000002E20000-0x0000000002E28000-memory.dmp

Filesize
32KB

Download
memory/3476-282-0x0000000002DF0000-0x0000000002DF8000-memory.dmp

Filesize
32KB

Download
memory/3476-284-0x0000000002DF8000-0x0000000002E00000-memory.dmp

Filesize
32KB

Download
memory/3476-286-0x0000000002E00000-0x0000000002E08000-memory.dmp

Filesize
32KB

Download
memory/3476-288-0x0000000002E08000-0x0000000002E10000-memory.dmp

Filesize
32KB

Download
memory/3476-289-0x0000000002E28000-0x0000000002E30000-memory.dmp

Filesize
32KB

Download
memory/3476-293-0x0000000002E10000-0x0000000002E18000-memory.dmp

Filesize
32KB

Download
memory/3476-295-0x0000000002E18000-0x0000000002E20000-memory.dmp

Filesize
32KB

Download
memory/3476-297-0x0000000002E30000-0x0000000002E38000-memory.dmp

Filesize
32KB

Download
memory/3476-299-0x0000000002E20000-0x0000000002E28000-memory.dmp

Filesize
32KB

Download
memory/3476-300-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/3476-309-0x0000000002E28000-0x0000000002E30000-memory.dmp

Filesize
32KB

Download
memory/3476-311-0x0000000002E30000-0x0000000002E38000-memory.dmp

Filesize
32KB

Download