81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21

Analysis

max time kernel
436s
max time network
437s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ModsServer.jar
Size

1.3MB
MD5

f38e0eab88e56059de4fce3ed36a648b
SHA1

ab6385e207b6c7cdedcf7c5171e5e6078ec8f083
SHA256

81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21
SHA512

48c789ef706f5fd115d1eb717ea4d99980a8092b28db5509271d4fc96a6b16c1ddc9ed406c18f765b53670c0b53c4aa1f1a50fb50c0301eb6f087761da332840
SSDEEP

24576:FX8Q4w/S4e3XgQPmNy9SiH2uZ1H/zDAbBau5yhsxSiB+YTAECBcz8fdG9i6p5hTP:V8Q4w/SrgW0iWuX/pu5ZTApBBfdGTPz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1741612620477.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
320	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 3944	320	java.exe	89
PID 320 wrote to memory of 3944	320	java.exe	89
PID 320 wrote to memory of 2448	320	java.exe	91
PID 320 wrote to memory of 2448	320	java.exe	91
PID 2448 wrote to memory of 1216	2448	cmd.exe	93
PID 2448 wrote to memory of 1216	2448	cmd.exe	93

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3944	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ModsServer.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:320
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620477.tmp
  2⤵
  - Views/modifies file attributes
  PID:3944
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620477.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620477.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio7577864439473941679.tmp

Filesize
25KB

MD5
7ceec42a0a4baf7454614b029d79c9ac

SHA1
ba1a027cb18ba1d4007878be194fd54f2ac82a51

SHA256
57a5079393cac2fb9f3c1344d4b05a9a97614dd700efe6db560d221416d6bc35

SHA512
f6cd6a2e829535a4a8d94e84d3063bdd93a227c9e889009b6c506a4dc880a2194971592316d22c4dd470cc63a5f5a2c54b143a2180d800020972bde43c36ffde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620477.tmp

Filesize
1.3MB

MD5
f38e0eab88e56059de4fce3ed36a648b

SHA1
ab6385e207b6c7cdedcf7c5171e5e6078ec8f083

SHA256
81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21

SHA512
48c789ef706f5fd115d1eb717ea4d99980a8092b28db5509271d4fc96a6b16c1ddc9ed406c18f765b53670c0b53c4aa1f1a50fb50c0301eb6f087761da332840

Download Submit
memory/320-114-0x000001799CB20000-0x000001799CB30000-memory.dmp

Filesize
64KB

Download
memory/320-167-0x000001799CAF0000-0x000001799CB00000-memory.dmp

Filesize
64KB

Download
memory/320-23-0x000001799CA40000-0x000001799CA50000-memory.dmp

Filesize
64KB

Download
memory/320-22-0x000001799CA30000-0x000001799CA40000-memory.dmp

Filesize
64KB

Download
memory/320-27-0x000001799CA60000-0x000001799CA70000-memory.dmp

Filesize
64KB

Download
memory/320-26-0x000001799CA50000-0x000001799CA60000-memory.dmp

Filesize
64KB

Download
memory/320-29-0x000001799CA70000-0x000001799CA80000-memory.dmp

Filesize
64KB

Download
memory/320-31-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-17-0x000001799CA10000-0x000001799CA20000-memory.dmp

Filesize
64KB

Download
memory/320-34-0x000001799CA80000-0x000001799CA90000-memory.dmp

Filesize
64KB

Download
memory/320-41-0x000001799C790000-0x000001799CA00000-memory.dmp

Filesize
2.4MB

Download
memory/320-42-0x000001799CA90000-0x000001799CAA0000-memory.dmp

Filesize
64KB

Download
memory/320-43-0x000001799CAA0000-0x000001799CAB0000-memory.dmp

Filesize
64KB

Download
memory/320-44-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-45-0x000001799CA00000-0x000001799CA10000-memory.dmp

Filesize
64KB

Download
memory/320-46-0x000001799CA10000-0x000001799CA20000-memory.dmp

Filesize
64KB

Download
memory/320-47-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-48-0x000001799CA20000-0x000001799CA30000-memory.dmp

Filesize
64KB

Download
memory/320-50-0x000001799CA40000-0x000001799CA50000-memory.dmp

Filesize
64KB

Download
memory/320-49-0x000001799CA30000-0x000001799CA40000-memory.dmp

Filesize
64KB

Download
memory/320-51-0x000001799CA50000-0x000001799CA60000-memory.dmp

Filesize
64KB

Download
memory/320-52-0x000001799CA60000-0x000001799CA70000-memory.dmp

Filesize
64KB

Download
memory/320-129-0x000001799CAD0000-0x000001799CAE0000-memory.dmp

Filesize
64KB

Download
memory/320-54-0x000001799CA80000-0x000001799CA90000-memory.dmp

Filesize
64KB

Download
memory/320-55-0x000001799CA90000-0x000001799CAA0000-memory.dmp

Filesize
64KB

Download
memory/320-56-0x000001799CAA0000-0x000001799CAB0000-memory.dmp

Filesize
64KB

Download
memory/320-61-0x000001799CAB0000-0x000001799CAC0000-memory.dmp

Filesize
64KB

Download
memory/320-62-0x000001799CAB0000-0x000001799CAC0000-memory.dmp

Filesize
64KB

Download
memory/320-64-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-66-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-16-0x000001799CA00000-0x000001799CA10000-memory.dmp

Filesize
64KB

Download
memory/320-69-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-73-0x000001799CAD0000-0x000001799CAE0000-memory.dmp

Filesize
64KB

Download
memory/320-76-0x000001799CAE0000-0x000001799CAF0000-memory.dmp

Filesize
64KB

Download
memory/320-82-0x000001799CB00000-0x000001799CB10000-memory.dmp

Filesize
64KB

Download
memory/320-81-0x000001799CAF0000-0x000001799CB00000-memory.dmp

Filesize
64KB

Download
memory/320-95-0x000001799CB10000-0x000001799CB20000-memory.dmp

Filesize
64KB

Download
memory/320-88-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-103-0x000001799CB40000-0x000001799CB50000-memory.dmp

Filesize
64KB

Download
memory/320-102-0x000001799CB30000-0x000001799CB40000-memory.dmp

Filesize
64KB

Download
memory/320-105-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-107-0x000001799CB50000-0x000001799CB60000-memory.dmp

Filesize
64KB

Download
memory/320-108-0x000001799AEE0000-0x000001799AEE1000-memory.dmp

Filesize
4KB

Download
memory/320-116-0x000001799CAC0000-0x000001799CAD0000-memory.dmp

Filesize
64KB

Download
memory/320-115-0x000001799CB60000-0x000001799CB70000-memory.dmp

Filesize
64KB

Download
memory/320-2-0x000001799C790000-0x000001799CA00000-memory.dmp

Filesize
2.4MB

Download
memory/320-68-0x000001799CAC0000-0x000001799CAD0000-memory.dmp

Filesize
64KB

Download
memory/320-21-0x000001799CA20000-0x000001799CA30000-memory.dmp

Filesize
64KB

Download
memory/320-53-0x000001799CA70000-0x000001799CA80000-memory.dmp

Filesize
64KB

Download
memory/320-161-0x000001799CAE0000-0x000001799CAF0000-memory.dmp

Filesize
64KB

Download
memory/320-169-0x000001799CB80000-0x000001799CB90000-memory.dmp

Filesize
64KB

Download
memory/320-168-0x000001799CB00000-0x000001799CB10000-memory.dmp

Filesize
64KB

Download
memory/320-130-0x000001799CB70000-0x000001799CB80000-memory.dmp

Filesize
64KB

Download
memory/320-204-0x000001799CB90000-0x000001799CBA0000-memory.dmp

Filesize
64KB

Download
memory/320-211-0x000001799CBA0000-0x000001799CBB0000-memory.dmp

Filesize
64KB

Download
memory/320-210-0x000001799CB10000-0x000001799CB20000-memory.dmp

Filesize
64KB

Download
memory/320-236-0x000001799CBB0000-0x000001799CBC0000-memory.dmp

Filesize
64KB

Download
memory/320-235-0x000001799CB40000-0x000001799CB50000-memory.dmp

Filesize
64KB

Download
memory/320-234-0x000001799CB30000-0x000001799CB40000-memory.dmp

Filesize
64KB

Download
memory/320-272-0x000001799CBC0000-0x000001799CBD0000-memory.dmp

Filesize
64KB

Download
memory/320-271-0x000001799CB50000-0x000001799CB60000-memory.dmp

Filesize
64KB

Download
memory/320-302-0x000001799CB20000-0x000001799CB30000-memory.dmp

Filesize
64KB

Download
memory/320-304-0x000001799CBD0000-0x000001799CBE0000-memory.dmp

Filesize
64KB

Download
memory/320-303-0x000001799CB60000-0x000001799CB70000-memory.dmp

Filesize
64KB

Download
memory/320-314-0x000001799CA00000-0x000001799CA10000-memory.dmp

Filesize
64KB

Download
memory/320-319-0x000001799CA50000-0x000001799CA60000-memory.dmp

Filesize
64KB

Download
memory/320-318-0x000001799CA40000-0x000001799CA50000-memory.dmp

Filesize
64KB

Download
memory/320-317-0x000001799CA30000-0x000001799CA40000-memory.dmp

Filesize
64KB

Download
memory/320-316-0x000001799CA20000-0x000001799CA30000-memory.dmp

Filesize
64KB

Download
memory/320-315-0x000001799CA10000-0x000001799CA20000-memory.dmp

Filesize
64KB

Download
memory/320-313-0x000001799CA60000-0x000001799CA70000-memory.dmp

Filesize
64KB

Download
memory/320-321-0x000001799CA70000-0x000001799CA80000-memory.dmp

Filesize
64KB

Download
memory/320-320-0x000001799C790000-0x000001799CA00000-memory.dmp

Filesize
2.4MB

Download
memory/320-342-0x000001799CBD0000-0x000001799CBE0000-memory.dmp

Filesize
64KB

Download
memory/320-341-0x000001799CBC0000-0x000001799CBD0000-memory.dmp

Filesize
64KB

Download
memory/320-340-0x000001799CBB0000-0x000001799CBC0000-memory.dmp

Filesize
64KB

Download
memory/320-339-0x000001799CBA0000-0x000001799CBB0000-memory.dmp

Filesize
64KB

Download
memory/320-338-0x000001799CB90000-0x000001799CBA0000-memory.dmp

Filesize
64KB

Download
memory/320-337-0x000001799CB80000-0x000001799CB90000-memory.dmp

Filesize
64KB

Download
memory/320-336-0x000001799CB70000-0x000001799CB80000-memory.dmp

Filesize
64KB

Download
memory/320-335-0x000001799CB60000-0x000001799CB70000-memory.dmp

Filesize
64KB

Download
memory/320-334-0x000001799CB50000-0x000001799CB60000-memory.dmp

Filesize
64KB

Download
memory/320-333-0x000001799CB40000-0x000001799CB50000-memory.dmp

Filesize
64KB

Download
memory/320-332-0x000001799CB30000-0x000001799CB40000-memory.dmp

Filesize
64KB

Download
memory/320-331-0x000001799CB10000-0x000001799CB20000-memory.dmp

Filesize
64KB

Download
memory/320-330-0x000001799CB00000-0x000001799CB10000-memory.dmp

Filesize
64KB

Download
memory/320-329-0x000001799CAF0000-0x000001799CB00000-memory.dmp

Filesize
64KB

Download
memory/320-328-0x000001799CAE0000-0x000001799CAF0000-memory.dmp

Filesize
64KB

Download
memory/320-327-0x000001799CAD0000-0x000001799CAE0000-memory.dmp

Filesize
64KB

Download
memory/320-326-0x000001799CAC0000-0x000001799CAD0000-memory.dmp

Filesize
64KB

Download
memory/320-325-0x000001799CAB0000-0x000001799CAC0000-memory.dmp

Filesize
64KB

Download
memory/320-324-0x000001799CAA0000-0x000001799CAB0000-memory.dmp

Filesize
64KB

Download
memory/320-323-0x000001799CA90000-0x000001799CAA0000-memory.dmp

Filesize
64KB

Download
memory/320-322-0x000001799CA80000-0x000001799CA90000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads