Overview

overview

10

Static

static

10

SoulLoader...ix.jar

windows7-x64

1

SoulLoader...ix.jar

windows10-2004-x64

6

Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/03/2025, 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SoulLoader2.1.1-fix.jar

  • Size

    2.5MB

  • MD5

    bc0b8f3baa70ce0ddd26603de8c0ce85

  • SHA1

    5d4d9fbb1415c3bcbf0fcbfed53baf748780f6f8

  • SHA256

    4bb33174d50928522e355c96d61b6508a436309c984fb839f6c7cf53c66403d9

  • SHA512

    5d036b4382a98eb99eecfcfa56b3eb879d91c7592bd2fae962e7ecf15cd22e7e34ed8452c98b7cff1def654df37635ab6058dbdc67ff64b8dcc5d2207b46f10c

  • SSDEEP

    49152:IDQrDuHYsHJgaub4h2c1n9wAW5QfAVz8ozBhGPLwjIQgqynlFllNps8Vuc:IsrlsH5E4h2c1TWVoIhkDQg5nlV

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\SoulLoader2.1.1-fix.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5980
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740833582923.tmp
      2⤵
      • Views/modifies file attributes
      PID:4492
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740833582923.tmp" /f"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4208
      • C:\Windows\system32\reg.exe
        REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740833582923.tmp" /f
        3⤵
        • Adds Run key to start application
        PID:3172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740833582923.tmp
    Filesize

    2.5MB

    MD5

    bc0b8f3baa70ce0ddd26603de8c0ce85

    SHA1

    5d4d9fbb1415c3bcbf0fcbfed53baf748780f6f8

    SHA256

    4bb33174d50928522e355c96d61b6508a436309c984fb839f6c7cf53c66403d9

    SHA512

    5d036b4382a98eb99eecfcfa56b3eb879d91c7592bd2fae962e7ecf15cd22e7e34ed8452c98b7cff1def654df37635ab6058dbdc67ff64b8dcc5d2207b46f10c

    Download Submit

  • memory/5980-42-0x00000205604E0000-0x00000205604F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-50-0x00000205604A0000-0x00000205604B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-21-0x0000020560470000-0x0000020560480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-23-0x0000020560480000-0x0000020560490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-20-0x0000020560460000-0x0000020560470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-24-0x0000020560490000-0x00000205604A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-26-0x00000205604A0000-0x00000205604B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-28-0x00000205604B0000-0x00000205604C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-31-0x00000205604C0000-0x00000205604D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-14-0x000002055E9A0000-0x000002055E9A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5980-37-0x00000205604D0000-0x00000205604E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-36-0x00000205601E0000-0x0000020560450000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/5980-40-0x000002055E9A0000-0x000002055E9A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5980-2-0x00000205601E0000-0x0000020560450000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/5980-16-0x0000020560450000-0x0000020560460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-43-0x000002055E9A0000-0x000002055E9A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5980-52-0x00000205604C0000-0x00000205604D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-46-0x0000020560470000-0x0000020560480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-48-0x0000020560480000-0x0000020560490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-49-0x0000020560490000-0x00000205604A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-44-0x0000020560450000-0x0000020560460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-51-0x00000205604B0000-0x00000205604C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-45-0x0000020560460000-0x0000020560470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-53-0x00000205604D0000-0x00000205604E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-54-0x00000205604E0000-0x00000205604F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-57-0x00000205604F0000-0x0000020560500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-59-0x00000205604F0000-0x0000020560500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-62-0x0000020560500000-0x0000020560510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-66-0x0000020560500000-0x0000020560510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5980-67-0x0000020560520000-0x0000020560530000-memory.dmp

    Filesize

    64KB

    Download