cfb543bfeae430a44f248c20dab9d35699c1ae42b0e92dfbed201135c81d7af7

Analysis

max time kernel
840s
max time network
841s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-02-2025 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

examplemod-1.0.0 (4).jar
Size

35KB
MD5

8d89a507cef0a399769597e3f82a521d
SHA1

da0a98e6d3aa7986ec587d9ed4bb5d035fe6323b
SHA256

cfb543bfeae430a44f248c20dab9d35699c1ae42b0e92dfbed201135c81d7af7
SHA512

621cbb422756a29bf915fb6ebd5a73a2981db6139592da12a8bb24b040f959e4a7f07169ad440f26b212ec08e32a96ae617380cebf9bdaba98e5650300dc7323
SSDEEP

768:IcN7vbGiWGw7Xp5x7urXxIdHdGgdIV8lA41R9rznfXk7n:RvIGw75DqbxcHAgdU822R9rznvE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{06A6D3C1-E439-11EF-8F1B-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444973787"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2548	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2548	iexplore.exe
2548	iexplore.exe
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2636	2548	iexplore.exe	32
PID 2548 wrote to memory of 2636	2548	iexplore.exe	32
PID 2548 wrote to memory of 2636	2548	iexplore.exe	32
PID 2548 wrote to memory of 2636	2548	iexplore.exe	32

C:\Windows\system32\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\examplemod-1.0.0 (4).jar"
1⤵
PID:2244

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be7a649baf2f625be367a4535bb8a448

SHA1
e1395634c42a57d052f0c1e2487e80be57d6dbd0

SHA256
8a75011838dc0678033a882619d0e95f3f658e9f830d42bb7d64afb5bdf658ec

SHA512
4e41ae6245c311a4cd30aa01adb8cb5c52bca9feabb18e4d3ccb61892416008faf2d7af79e9601185e99bc662e266631f8275f2f25fb89418e3050b1470028b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fa743a30a0b98c158436d06685aef79

SHA1
06c43480cd5e63701147d8f9023cc3bdd37ade90

SHA256
f2d9c99e10f9fc9bddf75cde9a46e767e6b7675c36c68a43248ec06f7d54e138

SHA512
9f8c25e05a5ce7dfbf4288d4f778a3415cc9be626817ae763ef8e66e24dd167e6974f09df407dd43f0b610866596b4686516e3442dd9744559a048b3b5d7a590

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3571892959428a151227ee7a54750b72

SHA1
3880a4692499f4b746dfcc680529864e82a79883

SHA256
865bf836a00eb353a10561975485502de052cbe97645c2d31bcce0d730159786

SHA512
2c3198124017e82d13ccd1f394aaa09dec13e04b3fd6f99112f64b632016e9f0a53b82c20d787ea55f5ff7361a781749c6aedfc8fc702f0c96b630d7d74a21c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a5e44c7628b5e4f1d97ea387febde55

SHA1
dcc66117de841ff7777a697563329a57daa99952

SHA256
ed374be718e4bc274f31b601159d75d4434512add14e0e9814b4298a94fb627e

SHA512
1100666bf0517b545833b5ee8aed78550ad0e383cd4e0c639358bf99f98a6af0b2ac78cee74d9e84e8764cb5e90da0487ddd6e5cf2f5cd14faddc5ad773f7e90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
966234a05d845d1935b08ba1da9106cb

SHA1
d17af6a09d8cbdd4baff09f9cf9616cb72c9d40a

SHA256
2042d22b49a25a0b83bd3449752bbab4549a0926b08df728525e2ee87dce0a66

SHA512
5cf1e371a4a80c4bbc21f6b50589123773218e01fe69bfdbef1d2f24256b41f61ee27a30c9fca0ff0df535cff86b3a8dbac57902354639c35d527c5403930411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35cbfc83afe46f5265c48d61819ba3ed

SHA1
db392f2e089e63cf0b0df688628c1771c42da0dc

SHA256
659aefac5ac951001a2919f16217129cf708c5590ac300967893d9046e8080d4

SHA512
a58bdb0175e5d723a06d78e0a6a8cffb76856ec88a9efc11d54660af0cc6ff40841d11ac68f905473bda1c9453c3b7676c169cb6aa30d2b3c5357b4d752e586a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
457b38b209fc43a6834bcc7438b98696

SHA1
4c79267079e4cb0dc313453dde76dc194c8ec31a

SHA256
aed6b6445092f5d83633e2caffc303c2671d71645c77ef651fad44ad9c1658c4

SHA512
46c20f56da44cc86fda8ebaa6d77d05d2176664b29f3fa5a69d747ab0ac0d2ceed3ad58619589fd04035d785eb117a01f509706c8a3285519f13c418e4486cfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6248131cce5353b00d8640b2d2bf6b0c

SHA1
9a31fcbd3761a1c57214f73ef6770af0d42b47d1

SHA256
f9be991c8634773a6813b1243e0b42fb02e0e6c9f6ed21c3b270027d979a71e3

SHA512
ca433d8e987cb2cae46771c05c09fe2a1dd428e223c7683844d060f7e133bf06b8507445c27da30107cd68d4d53a627a9015cf961f8924b2bf25af137890f0a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d47a0dd44a449cd133ce9a5468817b1c

SHA1
1bf27e1d6e8e3a3dba4c8da918a75d67136899b3

SHA256
57a25c18539179dab34e5d9a726cfe9a58db953c9b3d63d2c7d76066d0dbeee2

SHA512
d44882ec87e4f8d5fa7d4d728714d44f3830f5c577c7631aabcce653a45d01f2e4d02451d1f85fb9566f242310916dd1399fb96611ce1e271a590b145a49ecb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df04ebd9d8447113d572d7a17e8c24be

SHA1
ed2897258f91885c3da7866b893da0df9a37ff00

SHA256
ae573431fe1130863d096ae7dd5345271c5ae910a55abae70cdc35f220a89648

SHA512
617c88624fa664999fcc9b7b626dabc0501631d4a13da61029078029f57a2cc3add763305f5ba5008d97cb0f25f776844e11fec6f617e2ec1f226bf19e28dbf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
097fc7ed77149ae48c060c6b0d6f2cea

SHA1
2275f1d1775dfc3ccfaacba17c16f0a9bb8023ff

SHA256
f3a4412ff273e8b416fdae94d670240087ad325f15e218fc310a296cb436b19c

SHA512
86c95c5271b31fed6363bd3805a0edfaff6365edf07cff0981e32279818a9cf38a11452bdb0ea7a54b05d337652358c5d5c6d20f570c66b052f858e3584915a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bad71e5f234c09adeebe285cdf2cc8c9

SHA1
eb6b81d108c981635acaa304fb47cb4eeb98a4e9

SHA256
36c97471d5489ec6813d2fe067326003ed3f6f1e74214e8bd2377f5b68e9e4b4

SHA512
36d69290897342e0d99a85b6972d2b04a36983071dc5732c922075fb2f3798d9feac797fc1755b0c7d1cb8da2e7196d2607c2f6e1310d3df144393ea8063aa9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7a111557bc5649bca666d6fbd9843c2

SHA1
76728266b0af615357c3917217f87a43aa75a7a1

SHA256
679e7c35bc2ddf93d3b38a61e65f945c829907d288dc307d2270357513c85db0

SHA512
fcc742de9d2175b6b9cd34ccf75c2bb3efa248e97ebc0b5e9b6ad1306b86445af31420482cd8f67db7c63bda04d399aca3a06aef40e8e05429201c36deefb00a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
117f409e2652be980326a65ec8200762

SHA1
165b036e037dc64131742c4bab41a3bdcd5ff9d2

SHA256
d9926abbc994e1273126d2e00ee643b6e918f960b35e467be7d617dd1258024c

SHA512
2ac76814043a95bd556c93b20eeed167480d74bf1da6b000073932763f28910e3dfedb64f2105fb929ec7349b37ef46405db3c06b4677087882060cd0ac5a03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
418de2ca2ca5176d41ff27b36f839f71

SHA1
66be3f793d06d0c587cbd92297806200b9ebe24a

SHA256
aa2d87e3b794b007da27f45d0f9f1ec7238594be08a12d111a88972215ee8109

SHA512
b1fb54cdb4dfe3fbc5edf90adef325f2ffb8ab40af2c1ccc5341357a0f31a4d5c902c7693d2f1258358eb3a68574de198b0cfbd1f74b96f15c548c113471240a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be80a810cfef91bd6c2b9201a5a823ee

SHA1
1000d216ad6b806cb86c99823733b41ce1fb794c

SHA256
c7ce766974fa21594f07cdc43f4e745aa5d35b37aa6a8f3759ba101be9c60923

SHA512
c3271b01b9f1bb85d7ffcd076bc7fb3614da1a135c69ba308672536a5aff7aa106f812f9bae06baa5e1849d6043f663d76011cbfb0de77bdd3f425b11f1975b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e432194a34a11541fe36241ab86fb852

SHA1
fed763621aa2d4bcf0e3c22df38cf9dc22ecdf1e

SHA256
ec849c6904f5e0f49481c8a91c1e47c11f7f9e9c65e50e60be9227c73fa2236c

SHA512
f6c568f170ff5317a375664da61fbfeb1f34b4129760231b6f804ead1f2df176860b0def74d4c4f0301eb294229dca5906f5814d0f5b60ef642fd5bc8baf3b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
145c2892d56d3bb1c9d0366d4c9ebdd6

SHA1
bb37d1e8cb9e1fd516950590cd062d12e300f835

SHA256
262042ae5ad8c230f60bbf8df3ecb5def084030238390cdf1f692fa4b48549ec

SHA512
9bfdbe91211eeee3a00190d7e13a2b6d36bf9c5c2a3700da5dea5f729aaa5bdda4c6abba0694184b3e9ecf5a11029e3a67de6b5e9cd73dc887c8e580ae2636ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6C4D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7CA5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2244-11-0x0000000002480000-0x00000000026F0000-memory.dmp

Filesize
2.4MB

Download
memory/2244-10-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2244-2-0x0000000002480000-0x00000000026F0000-memory.dmp

Filesize
2.4MB

Download