Overview

overview

10

Static

static

10

eeeeeeeeee.jar

windows7-x64

1

eeeeeeeeee.jar

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2025 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeeeeeeeee.jar

  • Size

    639KB

  • MD5

    4499732515e46f3b8a8a2ffbb1fab5b9

  • SHA1

    9ffb1e1f35d3e3e0ade19625f7a1cf70c2869411

  • SHA256

    b09142c0a565599fa55709ecca76b9ee01ff64620c2955f47a810a119b4c6404

  • SHA512

    b16a9e05cd78a431fbe07856252eabe1c4895b8fccac60a52caa0842faa021e58f4c911d30bdf97c9052b8beedab76cea4d89d0f773a57d7e1f033600dd28b90

  • SSDEEP

    12288:pLxeQE/MGEDCn4LSUKZXgo/dRj+BAmNWphgUFORqD3iuQ2xISLHDQB:pL0QgADa4O3XgoHWRWpeKDiu9xTLHDQB

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\eeeeeeeeee.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740048991889.tmp" /f"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1520
      • C:\Windows\system32\reg.exe
        REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740048991889.tmp" /f
        3⤵
        • Adds Run key to start application
        PID:4900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2764-2-0x0000019D352A0000-0x0000019D35510000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2764-14-0x0000019D33AD0000-0x0000019D33AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-16-0x0000019D35510000-0x0000019D35520000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-18-0x0000019D35520000-0x0000019D35530000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-21-0x0000019D35530000-0x0000019D35540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-22-0x0000019D35540000-0x0000019D35550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-24-0x0000019D35550000-0x0000019D35560000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-26-0x0000019D35560000-0x0000019D35570000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-28-0x0000019D35570000-0x0000019D35580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-31-0x0000019D35580000-0x0000019D35590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-35-0x0000019D33AD0000-0x0000019D33AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-36-0x0000019D352A0000-0x0000019D35510000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2764-38-0x0000019D35590000-0x0000019D355A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-37-0x0000019D35510000-0x0000019D35520000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-40-0x0000019D33AD0000-0x0000019D33AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-42-0x0000019D35520000-0x0000019D35530000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-43-0x0000019D355A0000-0x0000019D355B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-44-0x0000019D35530000-0x0000019D35540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-45-0x0000019D35540000-0x0000019D35550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-46-0x0000019D35550000-0x0000019D35560000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-47-0x0000019D35560000-0x0000019D35570000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-48-0x0000019D35570000-0x0000019D35580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-49-0x0000019D35580000-0x0000019D35590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-50-0x0000019D35590000-0x0000019D355A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-51-0x0000019D355A0000-0x0000019D355B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-53-0x0000019D355B0000-0x0000019D355C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-55-0x0000019D355B0000-0x0000019D355C0000-memory.dmp

    Filesize

    64KB

    Download