81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21

Analysis

max time kernel
438s
max time network
439s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2025, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ModsServer.jar
Size

1.3MB
MD5

f38e0eab88e56059de4fce3ed36a648b
SHA1

ab6385e207b6c7cdedcf7c5171e5e6078ec8f083
SHA256

81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21
SHA512

48c789ef706f5fd115d1eb717ea4d99980a8092b28db5509271d4fc96a6b16c1ddc9ed406c18f765b53670c0b53c4aa1f1a50fb50c0301eb6f087761da332840
SSDEEP

24576:FX8Q4w/S4e3XgQPmNy9SiH2uZ1H/zDAbBau5yhsxSiB+YTAECBcz8fdG9i6p5hTP:V8Q4w/SrgW0iWuX/pu5ZTApBBfdGTPz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1741612620754.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2648	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 5144	2648	java.exe	83
PID 2648 wrote to memory of 5144	2648	java.exe	83
PID 2648 wrote to memory of 3344	2648	java.exe	85
PID 2648 wrote to memory of 3344	2648	java.exe	85
PID 3344 wrote to memory of 4800	3344	cmd.exe	87
PID 3344 wrote to memory of 4800	3344	cmd.exe	87

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5144	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ModsServer.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620754.tmp
  2⤵
  - Views/modifies file attributes
  PID:5144
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620754.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3344
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620754.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio3482025672121753192.tmp

Filesize
25KB

MD5
41930621ce6c64a46d2a5706fc07d5f6

SHA1
ac20d6f9bb24d08fd311b57a0dc86a81c8cf0180

SHA256
3c1dbbddca623f56905cf0ce740b0f19edcf72ab98ff913c250890f9863d8852

SHA512
76773754ddd4554302e4af46b3476e5e8168f6200f5037afde92c4f6ee3f4d63e4103cf3c0a1acbf53d25593463d17f2e76ab6a6c40678011fae3b03c8e8732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3875391118045316221.tmp

Filesize
52KB

MD5
6472fa767f857cf28e44bb8511887013

SHA1
0a4f1cd554080066e6fc7d796d1c8bb2090cce7c

SHA256
5de17c6b1f7d759e7cdd29f35664076b0d5fb75e02e92f3e43f7bf5d789adad7

SHA512
071f8c47005a3e5f33664fdb82f757b4e1464e0cec9934481a17546a1953a16b38333dbc57efc9bfa4a3987057dfd9b6583c43ce5abcccf85a85aa357a40ec86

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio4462545439511569851.tmp

Filesize
50KB

MD5
004b3314b37dfda494a557e83d20ff78

SHA1
7f1331f4b16bda161372cb0b93ab563466056156

SHA256
908163ecb6f632ffe3a9436856c99e9efb1f1818b158e5779fa21d00437f2cf4

SHA512
1e8a606d1267299d07083b2d421398d59c14c42582d4741f98d2a2080bce6e7b6caa87fc5450bd68fae6647819ad604d1ed1761ef3c1d760206029fdbd296565

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio7030236818390567663.tmp

Filesize
25KB

MD5
ff05c0ad3462fc2455c2ae969e9c0945

SHA1
a6bd179a98b81597431846d707782f1e565a862d

SHA256
a517ebcba63ed0853cb521c0217f56505a842142a930fde187a692b7cda4c1b9

SHA512
117a45ee1e58f5512f198901dd29fde8849b92269cdac839bcfa6f0581b9c08c12553e261649e5af2d78ca1eb1fea0e7d8da83186fbdae784ccc403e7099e013

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio861891237498183666.tmp

Filesize
52KB

MD5
05b6d5545c13ebe9220f6374f8eaf1a9

SHA1
de24a128d12df1873886eb1e4f5b623fd984eb19

SHA256
1127ceac4af37289498eb854dd155fa75a97e913ef1426b716da001958bb26e6

SHA512
fdb3226959c17c7e27ab4f58562fea780568369e68f4f688532e4964cd0c41f3af49dda6bd4f8ff785ae1e9cb523b6c61668639b9c83644ba47b625abdfbdf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio9146242943948077339.tmp

Filesize
28KB

MD5
1f0f9fd481cb0fb43f0a88479a1457d1

SHA1
12879de6c3119695d27f5d02e35c63564ed4220b

SHA256
6584c431418996f202c0bf43a6c46d5c587967b1a3449bad60b443ee033ccd34

SHA512
ec78cd8200e51dc185c1232d993096987d92337c2064e9c10cbbab705ef1b6b02c6515f4860c17acf39eab9eacf00fedb617bfecd9875aee78a7c5fb026b5ca0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1741612620754.tmp

Filesize
1.3MB

MD5
f38e0eab88e56059de4fce3ed36a648b

SHA1
ab6385e207b6c7cdedcf7c5171e5e6078ec8f083

SHA256
81bc6373b72bd2222078888eddd62afa82e4e6576f0954f57b8898f7fcf90c21

SHA512
48c789ef706f5fd115d1eb717ea4d99980a8092b28db5509271d4fc96a6b16c1ddc9ed406c18f765b53670c0b53c4aa1f1a50fb50c0301eb6f087761da332840

Download Submit
memory/2648-176-0x000001C8C28B0000-0x000001C8C28C0000-memory.dmp

Filesize
64KB

Download
memory/2648-59-0x000001C8C2860000-0x000001C8C2870000-memory.dmp

Filesize
64KB

Download
memory/2648-30-0x000001C8C2820000-0x000001C8C2830000-memory.dmp

Filesize
64KB

Download
memory/2648-32-0x000001C8C2540000-0x000001C8C27B0000-memory.dmp

Filesize
2.4MB

Download
memory/2648-33-0x000001C8C2830000-0x000001C8C2840000-memory.dmp

Filesize
64KB

Download
memory/2648-28-0x000001C8C2810000-0x000001C8C2820000-memory.dmp

Filesize
64KB

Download
memory/2648-37-0x000001C8C2840000-0x000001C8C2850000-memory.dmp

Filesize
64KB

Download
memory/2648-40-0x000001C8C2850000-0x000001C8C2860000-memory.dmp

Filesize
64KB

Download
memory/2648-39-0x000001C8C27B0000-0x000001C8C27C0000-memory.dmp

Filesize
64KB

Download
memory/2648-45-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-46-0x000001C8C27C0000-0x000001C8C27D0000-memory.dmp

Filesize
64KB

Download
memory/2648-47-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-48-0x000001C8C27D0000-0x000001C8C27E0000-memory.dmp

Filesize
64KB

Download
memory/2648-50-0x000001C8C27E0000-0x000001C8C27F0000-memory.dmp

Filesize
64KB

Download
memory/2648-51-0x000001C8C27F0000-0x000001C8C2800000-memory.dmp

Filesize
64KB

Download
memory/2648-52-0x000001C8C2800000-0x000001C8C2810000-memory.dmp

Filesize
64KB

Download
memory/2648-53-0x000001C8C2810000-0x000001C8C2820000-memory.dmp

Filesize
64KB

Download
memory/2648-54-0x000001C8C2820000-0x000001C8C2830000-memory.dmp

Filesize
64KB

Download
memory/2648-55-0x000001C8C2830000-0x000001C8C2840000-memory.dmp

Filesize
64KB

Download
memory/2648-56-0x000001C8C2840000-0x000001C8C2850000-memory.dmp

Filesize
64KB

Download
memory/2648-57-0x000001C8C2850000-0x000001C8C2860000-memory.dmp

Filesize
64KB

Download
memory/2648-224-0x000001C8C28C0000-0x000001C8C28D0000-memory.dmp

Filesize
64KB

Download
memory/2648-61-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-63-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-64-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-258-0x000001C8C2980000-0x000001C8C2990000-memory.dmp

Filesize
64KB

Download
memory/2648-68-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-72-0x000001C8C2880000-0x000001C8C2890000-memory.dmp

Filesize
64KB

Download
memory/2648-73-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-76-0x000001C8C2890000-0x000001C8C28A0000-memory.dmp

Filesize
64KB

Download
memory/2648-82-0x000001C8C28B0000-0x000001C8C28C0000-memory.dmp

Filesize
64KB

Download
memory/2648-81-0x000001C8C28A0000-0x000001C8C28B0000-memory.dmp

Filesize
64KB

Download
memory/2648-84-0x000001C8C28C0000-0x000001C8C28D0000-memory.dmp

Filesize
64KB

Download
memory/2648-100-0x000001C8C28D0000-0x000001C8C28E0000-memory.dmp

Filesize
64KB

Download
memory/2648-104-0x000001C8C28E0000-0x000001C8C28F0000-memory.dmp

Filesize
64KB

Download
memory/2648-110-0x000001C8C28F0000-0x000001C8C2900000-memory.dmp

Filesize
64KB

Download
memory/2648-109-0x000001C8C2860000-0x000001C8C2870000-memory.dmp

Filesize
64KB

Download
memory/2648-24-0x000001C8C27F0000-0x000001C8C2800000-memory.dmp

Filesize
64KB

Download
memory/2648-120-0x000001C8C2900000-0x000001C8C2910000-memory.dmp

Filesize
64KB

Download
memory/2648-150-0x000001C8C2910000-0x000001C8C2920000-memory.dmp

Filesize
64KB

Download
memory/2648-225-0x000001C8C2970000-0x000001C8C2980000-memory.dmp

Filesize
64KB

Download
memory/2648-169-0x000001C8C2940000-0x000001C8C2950000-memory.dmp

Filesize
64KB

Download
memory/2648-168-0x000001C8C2880000-0x000001C8C2890000-memory.dmp

Filesize
64KB

Download
memory/2648-174-0x000001C8C2920000-0x000001C8C2930000-memory.dmp

Filesize
64KB

Download
memory/2648-173-0x000001C8C2890000-0x000001C8C28A0000-memory.dmp

Filesize
64KB

Download
memory/2648-177-0x000001C8C2950000-0x000001C8C2960000-memory.dmp

Filesize
64KB

Download
memory/2648-2-0x000001C8C2540000-0x000001C8C27B0000-memory.dmp

Filesize
2.4MB

Download
memory/2648-175-0x000001C8C28A0000-0x000001C8C28B0000-memory.dmp

Filesize
64KB

Download
memory/2648-23-0x000001C8C27E0000-0x000001C8C27F0000-memory.dmp

Filesize
64KB

Download
memory/2648-197-0x000001C8C2960000-0x000001C8C2970000-memory.dmp

Filesize
64KB

Download
memory/2648-149-0x000001C8C2870000-0x000001C8C2880000-memory.dmp

Filesize
64KB

Download
memory/2648-27-0x000001C8C2800000-0x000001C8C2810000-memory.dmp

Filesize
64KB

Download
memory/2648-67-0x000001C8C2870000-0x000001C8C2880000-memory.dmp

Filesize
64KB

Download
memory/2648-257-0x000001C8C28D0000-0x000001C8C28E0000-memory.dmp

Filesize
64KB

Download
memory/2648-292-0x000001C8C28E0000-0x000001C8C28F0000-memory.dmp

Filesize
64KB

Download
memory/2648-293-0x000001C8C2990000-0x000001C8C29A0000-memory.dmp

Filesize
64KB

Download
memory/2648-304-0x000001C8C29A0000-0x000001C8C29B0000-memory.dmp

Filesize
64KB

Download
memory/2648-303-0x000001C8C28F0000-0x000001C8C2900000-memory.dmp

Filesize
64KB

Download
memory/2648-338-0x000001C8C29B0000-0x000001C8C29C0000-memory.dmp

Filesize
64KB

Download
memory/2648-337-0x000001C8C2900000-0x000001C8C2910000-memory.dmp

Filesize
64KB

Download
memory/2648-381-0x000001C8C29C0000-0x000001C8C29D0000-memory.dmp

Filesize
64KB

Download
memory/2648-380-0x000001C8C2910000-0x000001C8C2920000-memory.dmp

Filesize
64KB

Download
memory/2648-408-0x000001C8C2940000-0x000001C8C2950000-memory.dmp

Filesize
64KB

Download
memory/2648-409-0x000001C8C29D0000-0x000001C8C29E0000-memory.dmp

Filesize
64KB

Download
memory/2648-428-0x000001C8C29E0000-0x000001C8C29F0000-memory.dmp

Filesize
64KB

Download
memory/2648-427-0x000001C8C2920000-0x000001C8C2930000-memory.dmp

Filesize
64KB

Download
memory/2648-437-0x000001C8C29F0000-0x000001C8C2A00000-memory.dmp

Filesize
64KB

Download
memory/2648-436-0x000001C8C2950000-0x000001C8C2960000-memory.dmp

Filesize
64KB

Download
memory/2648-20-0x000001C8C27D0000-0x000001C8C27E0000-memory.dmp

Filesize
64KB

Download
memory/2648-464-0x000001C8C2A00000-0x000001C8C2A10000-memory.dmp

Filesize
64KB

Download
memory/2648-463-0x000001C8C2960000-0x000001C8C2970000-memory.dmp

Filesize
64KB

Download
memory/2648-470-0x000001C8C2A20000-0x000001C8C2A30000-memory.dmp

Filesize
64KB

Download
memory/2648-469-0x000001C8C2970000-0x000001C8C2980000-memory.dmp

Filesize
64KB

Download
memory/2648-479-0x000001C8C2A30000-0x000001C8C2A40000-memory.dmp

Filesize
64KB

Download
memory/2648-478-0x000001C8C2980000-0x000001C8C2990000-memory.dmp

Filesize
64KB

Download
memory/2648-484-0x000001C8C2A40000-0x000001C8C2A50000-memory.dmp

Filesize
64KB

Download
memory/2648-18-0x000001C8C27C0000-0x000001C8C27D0000-memory.dmp

Filesize
64KB

Download
memory/2648-508-0x000001C8C29A0000-0x000001C8C29B0000-memory.dmp

Filesize
64KB

Download
memory/2648-532-0x000001C8C29B0000-0x000001C8C29C0000-memory.dmp

Filesize
64KB

Download
memory/2648-17-0x000001C8C27B0000-0x000001C8C27C0000-memory.dmp

Filesize
64KB

Download
memory/2648-554-0x000001C8C29C0000-0x000001C8C29D0000-memory.dmp

Filesize
64KB

Download
memory/2648-566-0x000001C8C29D0000-0x000001C8C29E0000-memory.dmp

Filesize
64KB

Download
memory/2648-567-0x000001C8C2A50000-0x000001C8C2A60000-memory.dmp

Filesize
64KB

Download
memory/2648-14-0x000001C8C0D30000-0x000001C8C0D31000-memory.dmp

Filesize
4KB

Download
memory/2648-589-0x000001C8C29E0000-0x000001C8C29F0000-memory.dmp

Filesize
64KB

Download
memory/2648-614-0x000001C8C29F0000-0x000001C8C2A00000-memory.dmp

Filesize
64KB

Download
memory/2648-638-0x000001C8C2A00000-0x000001C8C2A10000-memory.dmp

Filesize
64KB

Download
memory/2648-665-0x000001C8C2A20000-0x000001C8C2A30000-memory.dmp

Filesize
64KB

Download
memory/2648-689-0x000001C8C2A30000-0x000001C8C2A40000-memory.dmp

Filesize
64KB

Download
memory/2648-715-0x000001C8C2A40000-0x000001C8C2A50000-memory.dmp

Filesize
64KB

Download
memory/2648-737-0x000001C8C2540000-0x000001C8C27B0000-memory.dmp

Filesize
2.4MB

Download
memory/2648-750-0x000001C8C2870000-0x000001C8C2880000-memory.dmp

Filesize
64KB

Download
memory/2648-749-0x000001C8C2860000-0x000001C8C2870000-memory.dmp

Filesize
64KB

Download
memory/2648-748-0x000001C8C2850000-0x000001C8C2860000-memory.dmp

Filesize
64KB

Download
memory/2648-747-0x000001C8C2840000-0x000001C8C2850000-memory.dmp

Filesize
64KB

Download
memory/2648-746-0x000001C8C2830000-0x000001C8C2840000-memory.dmp

Filesize
64KB

Download
memory/2648-745-0x000001C8C2820000-0x000001C8C2830000-memory.dmp

Filesize
64KB

Download
memory/2648-744-0x000001C8C2810000-0x000001C8C2820000-memory.dmp

Filesize
64KB

Download
memory/2648-743-0x000001C8C2800000-0x000001C8C2810000-memory.dmp

Filesize
64KB

Download
memory/2648-742-0x000001C8C27F0000-0x000001C8C2800000-memory.dmp

Filesize
64KB

Download
memory/2648-741-0x000001C8C27E0000-0x000001C8C27F0000-memory.dmp

Filesize
64KB

Download
memory/2648-740-0x000001C8C27D0000-0x000001C8C27E0000-memory.dmp

Filesize
64KB

Download
memory/2648-739-0x000001C8C27C0000-0x000001C8C27D0000-memory.dmp

Filesize
64KB

Download
memory/2648-738-0x000001C8C27B0000-0x000001C8C27C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads