81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21

Analysis

max time kernel
94s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ModsServer.jar
Size

1.3MB
MD5

f38e0eab88e56059de4fce3ed36a648b
SHA1

ab6385e207b6c7cdedcf7c5171e5e6078ec8f083
SHA256

81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21
SHA512

48c789ef706f5fd115d1eb717ea4d99980a8092b28db5509271d4fc96a6b16c1ddc9ed406c18f765b53670c0b53c4aa1f1a50fb50c0301eb6f087761da332840
SSDEEP

24576:FX8Q4w/S4e3XgQPmNy9SiH2uZ1H/zDAbBau5yhsxSiB+YTAECBcz8fdG9i6p5hTP:V8Q4w/SrgW0iWuX/pu5ZTApBBfdGTPz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1170604239-850860757-3112005715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1741614199918.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3444	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 4928	3444	java.exe	87
PID 3444 wrote to memory of 4928	3444	java.exe	87
PID 3444 wrote to memory of 736	3444	java.exe	89
PID 3444 wrote to memory of 736	3444	java.exe	89
PID 736 wrote to memory of 264	736	cmd.exe	91
PID 736 wrote to memory of 264	736	cmd.exe	91

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
4928	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ModsServer.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741614199918.tmp
  2⤵
  - Views/modifies file attributes
  PID:4928
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741614199918.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:736
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741614199918.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio1600544493611867926.tmp

Filesize
31KB

MD5
ef710b3e6b8b745160307b3816b60afa

SHA1
7ffedd853d7dec31acb7eea55fc6ccd9aa7c1361

SHA256
941cc1df4fa0a9f3230dee66ec38a7462005ea26861f28d92f5a61026b3fbff6

SHA512
13479aa06caf419e9a8e1901e8bfc3a514c4547317e8c695cf221bb76f9745c2f962a05cf3cb9b57615d85d7b8eac4c58151b711c566230d1185244fb73bf701

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1892513879141670178.tmp

Filesize
73KB

MD5
5b88bbaa9e9a11639db689e7499203ee

SHA1
105032c32cc21007070f391b550dac54240fd152

SHA256
e6ee0945f3bd7ef4bdb58715ee0503e22a37112ae8e32eb6d10cbe814d333b26

SHA512
a71511f38b70acfbc2df763a0d52a90caf46d855fb349d361a1d22e49407d29a2d9f53bbb14c79f356eabde012b060d0400582a2e7e2890dc3f968bcc8ea9af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2441952754643944491.tmp

Filesize
67KB

MD5
99dec77e98fd65286f8d420c58e78f81

SHA1
de058f27dbf297fcd77b8c14b5a9c1170d693e3a

SHA256
0a6dd1c4e36e6f7404ee933a2274fa4beca8c629fe8b795a0a2e5762896f6515

SHA512
ccc6a8af0879dac503e8207ff1d8905e90eb98dc63c113cc3835f412da1655fbd6871d0702894078c48a2d506f1372355df46ca267f1dbfc122018b154c57910

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3484739288072807109.tmp

Filesize
35KB

MD5
928ee6e4204ae136ad402affbc9970b8

SHA1
9886a8129bba970652e5fb99e0f188c17bb249ff

SHA256
2cfa6ca51f8faddc0a2370d89b550cc976885b671041bdbaad39845d69fce6ce

SHA512
bd155d84ad9462b3d2b98f1cd8f05089e042f9199a9793c7b2aa2b7e92ff1d412ecd6ee1b61fcbd3c435a70ba7c12508de8b825bdb9b90b30a493756c2488494

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3798965971280788475.tmp

Filesize
31KB

MD5
2617f571f6124abb0397b1e1c8c194dc

SHA1
87634edce1c6118696103fb88b25df21b918e86e

SHA256
74091a822ab959104f9e8ea8d683ca4ea7f2825b2d5f50ce6ddf605e109289c3

SHA512
8d246fc50dff2e3cde3362933485e5126fd9ec48f67432490a13b271f97589d789cf207b231f9f9bf86431f28c2b4c5818c7b4232d27b1e5e6da62420057ff5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6850259111594387441.tmp

Filesize
73KB

MD5
82f93f959da1ba77dcc075c9bd0e9ed5

SHA1
8ae1775d7fb17fd1f8ea48c130acf5334664ff13

SHA256
fc827069e94f20561be2f3bf9361085a4f30ad11a6255e9f8a60cc3fe5a42499

SHA512
565b30741505fc201c24424b7d64c3b10da5947410b15d92a203a22ecc03060c764abce1c9610567edca924a048bffaaacb8f5389dec6833a375afb075f5b60c

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio8519700707651583051.tmp

Filesize
62KB

MD5
60b2ce3297d313c8bf9f55422ebb20ed

SHA1
4f5d83c3f8a3e7f475da6350edb33a2032f6701e

SHA256
4e93f589cdd30f6e32b4de6a8aba431f6bcc920d381a1a674148d09e017c95e3

SHA512
f2e0a25dce065f7206a2849466a8270bdae11a8352b9dda1a8395a056ef407fa33de3e2b6b3a24d49f594ac7b1c1c6dee760e4eeb2726e598608113d4967de31

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio8854735230030902710.tmp

Filesize
64KB

MD5
55af3ad5dd3f5f74604fd4ab5c4a211c

SHA1
5658fbad7bb759828806f6f2bcf82e7b15477743

SHA256
135a3bfac2535b1b03a8dd85434ed9b55a898008a1d32d1c2fb250144988e438

SHA512
426c1aed68135d1117b2d9f382d7512a5a7c1f7460f88a8bac43a722906fd65b194f857b139a2a0629b1fa6c74046a737dd95c54754298b8809595cf07663a40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741614199918.tmp

Filesize
1.3MB

MD5
f38e0eab88e56059de4fce3ed36a648b

SHA1
ab6385e207b6c7cdedcf7c5171e5e6078ec8f083

SHA256
81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21

SHA512
48c789ef706f5fd115d1eb717ea4d99980a8092b28db5509271d4fc96a6b16c1ddc9ed406c18f765b53670c0b53c4aa1f1a50fb50c0301eb6f087761da332840

Download Submit
memory/3444-214-0x000001FEE0340000-0x000001FEE0350000-memory.dmp

Filesize
64KB

Download
memory/3444-911-0x000001FEE0440000-0x000001FEE0450000-memory.dmp

Filesize
64KB

Download
memory/3444-17-0x000001FEE01B0000-0x000001FEE01C0000-memory.dmp

Filesize
64KB

Download
memory/3444-27-0x000001FEE0200000-0x000001FEE0210000-memory.dmp

Filesize
64KB

Download
memory/3444-28-0x000001FEE0210000-0x000001FEE0220000-memory.dmp

Filesize
64KB

Download
memory/3444-30-0x000001FEE0220000-0x000001FEE0230000-memory.dmp

Filesize
64KB

Download
memory/3444-32-0x000001FEE0230000-0x000001FEE0240000-memory.dmp

Filesize
64KB

Download
memory/3444-37-0x000001FEE0240000-0x000001FEE0250000-memory.dmp

Filesize
64KB

Download
memory/3444-36-0x000001FEDFF40000-0x000001FEE01B0000-memory.dmp

Filesize
2.4MB

Download
memory/3444-43-0x000001FEE0250000-0x000001FEE0260000-memory.dmp

Filesize
64KB

Download
memory/3444-44-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-45-0x000001FEE01B0000-0x000001FEE01C0000-memory.dmp

Filesize
64KB

Download
memory/3444-46-0x000001FEE01C0000-0x000001FEE01D0000-memory.dmp

Filesize
64KB

Download
memory/3444-48-0x000001FEE01D0000-0x000001FEE01E0000-memory.dmp

Filesize
64KB

Download
memory/3444-49-0x000001FEE01E0000-0x000001FEE01F0000-memory.dmp

Filesize
64KB

Download
memory/3444-50-0x000001FEE01F0000-0x000001FEE0200000-memory.dmp

Filesize
64KB

Download
memory/3444-51-0x000001FEE0200000-0x000001FEE0210000-memory.dmp

Filesize
64KB

Download
memory/3444-52-0x000001FEE0210000-0x000001FEE0220000-memory.dmp

Filesize
64KB

Download
memory/3444-53-0x000001FEE0220000-0x000001FEE0230000-memory.dmp

Filesize
64KB

Download
memory/3444-54-0x000001FEE0230000-0x000001FEE0240000-memory.dmp

Filesize
64KB

Download
memory/3444-55-0x000001FEE0240000-0x000001FEE0250000-memory.dmp

Filesize
64KB

Download
memory/3444-56-0x000001FEE0250000-0x000001FEE0260000-memory.dmp

Filesize
64KB

Download
memory/3444-60-0x000001FEE0260000-0x000001FEE0270000-memory.dmp

Filesize
64KB

Download
memory/3444-63-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-65-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-66-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-70-0x000001FEE0270000-0x000001FEE0280000-memory.dmp

Filesize
64KB

Download
memory/3444-69-0x000001FEE0260000-0x000001FEE0270000-memory.dmp

Filesize
64KB

Download
memory/3444-74-0x000001FEE0280000-0x000001FEE0290000-memory.dmp

Filesize
64KB

Download
memory/3444-75-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-79-0x000001FEE0290000-0x000001FEE02A0000-memory.dmp

Filesize
64KB

Download
memory/3444-82-0x000001FEE02A0000-0x000001FEE02B0000-memory.dmp

Filesize
64KB

Download
memory/3444-84-0x000001FEE02B0000-0x000001FEE02C0000-memory.dmp

Filesize
64KB

Download
memory/3444-86-0x000001FEE02C0000-0x000001FEE02D0000-memory.dmp

Filesize
64KB

Download
memory/3444-92-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-102-0x000001FEE02D0000-0x000001FEE02E0000-memory.dmp

Filesize
64KB

Download
memory/3444-106-0x000001FEE02E0000-0x000001FEE02F0000-memory.dmp

Filesize
64KB

Download
memory/3444-111-0x000001FEE02F0000-0x000001FEE0300000-memory.dmp

Filesize
64KB

Download
memory/3444-128-0x000001FEE0300000-0x000001FEE0310000-memory.dmp

Filesize
64KB

Download
memory/3444-149-0x000001FEE0310000-0x000001FEE0320000-memory.dmp

Filesize
64KB

Download
memory/3444-148-0x000001FEE0270000-0x000001FEE0280000-memory.dmp

Filesize
64KB

Download
memory/3444-235-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-157-0x000001FEE0280000-0x000001FEE0290000-memory.dmp

Filesize
64KB

Download
memory/3444-167-0x000001FEE0330000-0x000001FEE0340000-memory.dmp

Filesize
64KB

Download
memory/3444-166-0x000001FEE0290000-0x000001FEE02A0000-memory.dmp

Filesize
64KB

Download
memory/3444-201-0x000001FEE02A0000-0x000001FEE02B0000-memory.dmp

Filesize
64KB

Download
memory/3444-213-0x000001FEE02B0000-0x000001FEE02C0000-memory.dmp

Filesize
64KB

Download
memory/3444-22-0x000001FEE01D0000-0x000001FEE01E0000-memory.dmp

Filesize
64KB

Download
memory/3444-229-0x000001FEE02D0000-0x000001FEE02E0000-memory.dmp

Filesize
64KB

Download
memory/3444-228-0x000001FEE0360000-0x000001FEE0370000-memory.dmp

Filesize
64KB

Download
memory/3444-227-0x000001FEE0350000-0x000001FEE0360000-memory.dmp

Filesize
64KB

Download
memory/3444-226-0x000001FEE02C0000-0x000001FEE02D0000-memory.dmp

Filesize
64KB

Download
memory/3444-18-0x000001FEE01C0000-0x000001FEE01D0000-memory.dmp

Filesize
64KB

Download
memory/3444-232-0x000001FEE0370000-0x000001FEE0380000-memory.dmp

Filesize
64KB

Download
memory/3444-158-0x000001FEE0320000-0x000001FEE0330000-memory.dmp

Filesize
64KB

Download
memory/3444-260-0x000001FEE0380000-0x000001FEE0390000-memory.dmp

Filesize
64KB

Download
memory/3444-259-0x000001FEE02F0000-0x000001FEE0300000-memory.dmp

Filesize
64KB

Download
memory/3444-262-0x000001FEE0300000-0x000001FEE0310000-memory.dmp

Filesize
64KB

Download
memory/3444-263-0x000001FEE0390000-0x000001FEE03A0000-memory.dmp

Filesize
64KB

Download
memory/3444-325-0x000001FEE0310000-0x000001FEE0320000-memory.dmp

Filesize
64KB

Download
memory/3444-327-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-390-0x000001FEE03A0000-0x000001FEE03B0000-memory.dmp

Filesize
64KB

Download
memory/3444-389-0x000001FEE0320000-0x000001FEE0330000-memory.dmp

Filesize
64KB

Download
memory/3444-446-0x000001FEE0330000-0x000001FEE0340000-memory.dmp

Filesize
64KB

Download
memory/3444-447-0x000001FEE03B0000-0x000001FEE03C0000-memory.dmp

Filesize
64KB

Download
memory/3444-449-0x000001FEE03C0000-0x000001FEE03D0000-memory.dmp

Filesize
64KB

Download
memory/3444-502-0x000001FEE03D0000-0x000001FEE03E0000-memory.dmp

Filesize
64KB

Download
memory/3444-501-0x000001FEE0340000-0x000001FEE0350000-memory.dmp

Filesize
64KB

Download
memory/3444-551-0x000001FEE03E0000-0x000001FEE03F0000-memory.dmp

Filesize
64KB

Download
memory/3444-550-0x000001FEE0350000-0x000001FEE0360000-memory.dmp

Filesize
64KB

Download
memory/3444-554-0x000001FEE03F0000-0x000001FEE0400000-memory.dmp

Filesize
64KB

Download
memory/3444-553-0x000001FEE0360000-0x000001FEE0370000-memory.dmp

Filesize
64KB

Download
memory/3444-559-0x000001FEE0420000-0x000001FEE0430000-memory.dmp

Filesize
64KB

Download
memory/3444-558-0x000001FEE0370000-0x000001FEE0380000-memory.dmp

Filesize
64KB

Download
memory/3444-561-0x000001FEE0410000-0x000001FEE0420000-memory.dmp

Filesize
64KB

Download
memory/3444-560-0x000001FEE0380000-0x000001FEE0390000-memory.dmp

Filesize
64KB

Download
memory/3444-597-0x000001FEE0390000-0x000001FEE03A0000-memory.dmp

Filesize
64KB

Download
memory/3444-598-0x000001FEE0430000-0x000001FEE0440000-memory.dmp

Filesize
64KB

Download
memory/3444-601-0x000001FEE0440000-0x000001FEE0450000-memory.dmp

Filesize
64KB

Download
memory/3444-603-0x000001FEE0450000-0x000001FEE0460000-memory.dmp

Filesize
64KB

Download
memory/3444-602-0x000001FEE03A0000-0x000001FEE03B0000-memory.dmp

Filesize
64KB

Download
memory/3444-651-0x000001FEE03B0000-0x000001FEE03C0000-memory.dmp

Filesize
64KB

Download
memory/3444-654-0x000001FEE0460000-0x000001FEE0470000-memory.dmp

Filesize
64KB

Download
memory/3444-653-0x000001FEE03C0000-0x000001FEE03D0000-memory.dmp

Filesize
64KB

Download
memory/3444-23-0x000001FEE01E0000-0x000001FEE01F0000-memory.dmp

Filesize
64KB

Download
memory/3444-24-0x000001FEE01F0000-0x000001FEE0200000-memory.dmp

Filesize
64KB

Download
memory/3444-696-0x000001FEE03D0000-0x000001FEE03E0000-memory.dmp

Filesize
64KB

Download
memory/3444-732-0x000001FEE03E0000-0x000001FEE03F0000-memory.dmp

Filesize
64KB

Download
memory/3444-14-0x000001FEDFF20000-0x000001FEDFF21000-memory.dmp

Filesize
4KB

Download
memory/3444-763-0x000001FEE03F0000-0x000001FEE0400000-memory.dmp

Filesize
64KB

Download
memory/3444-805-0x000001FEE0420000-0x000001FEE0430000-memory.dmp

Filesize
64KB

Download
memory/3444-839-0x000001FEE0410000-0x000001FEE0420000-memory.dmp

Filesize
64KB

Download
memory/3444-867-0x000001FEE0430000-0x000001FEE0440000-memory.dmp

Filesize
64KB

Download
memory/3444-231-0x000001FEE02E0000-0x000001FEE02F0000-memory.dmp

Filesize
64KB

Download
memory/3444-2-0x000001FEDFF40000-0x000001FEE01B0000-memory.dmp

Filesize
2.4MB

Download
memory/3444-945-0x000001FEE0450000-0x000001FEE0460000-memory.dmp

Filesize
64KB

Download
memory/3444-960-0x000001FEDFF40000-0x000001FEE01B0000-memory.dmp

Filesize
2.4MB

Download
memory/3444-968-0x000001FEE0220000-0x000001FEE0230000-memory.dmp

Filesize
64KB

Download
memory/3444-967-0x000001FEE0210000-0x000001FEE0220000-memory.dmp

Filesize
64KB

Download
memory/3444-966-0x000001FEE0200000-0x000001FEE0210000-memory.dmp

Filesize
64KB

Download
memory/3444-965-0x000001FEE01F0000-0x000001FEE0200000-memory.dmp

Filesize
64KB

Download
memory/3444-964-0x000001FEE01E0000-0x000001FEE01F0000-memory.dmp

Filesize
64KB

Download
memory/3444-963-0x000001FEE01D0000-0x000001FEE01E0000-memory.dmp

Filesize
64KB

Download
memory/3444-962-0x000001FEE01C0000-0x000001FEE01D0000-memory.dmp

Filesize
64KB

Download
memory/3444-961-0x000001FEE01B0000-0x000001FEE01C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads