Analysis
-
max time kernel
146s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system -
submitted
29/03/2025, 23:53
Behavioral task
behavioral1
Sample
injector.jar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
injector.jar
Resource
win10v2004-20250314-en
General
-
Target
injector.jar
-
Size
639KB
-
MD5
debe64c97f491943e154956a20b1dbd9
-
SHA1
2f166761d1d7a0b8962263d49669f8ed43265f0e
-
SHA256
c97e12e9d8be059c6ba3034aa4b33cc2e7a2ffeb741fb4b6738ff4ae2186c113
-
SHA512
a5d5400570f33b03af9e518fc288b91526724da72511c40008b5320458c061b226127d74f70d39ca4a0fafd1930e9c39e2bca6d6d04cf86cc128165b942f8f08
-
SSDEEP
12288:mv7NQR/3nRsDp49VIFw/ga/vRj+hLgNCjSgeVeRBA34uI2x8S+BDQC:mvpQBBsd4Dr/gaxu+CjzQ14ulx/+BDQC
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1743292434988.tmp" reg.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 3480 java.exe 3480 java.exe 3480 java.exe 3480 java.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 3480 wrote to memory of 1200 3480 java.exe 92 PID 3480 wrote to memory of 1200 3480 java.exe 92 PID 3480 wrote to memory of 2864 3480 java.exe 94 PID 3480 wrote to memory of 2864 3480 java.exe 94 PID 2864 wrote to memory of 2440 2864 cmd.exe 96 PID 2864 wrote to memory of 2440 2864 cmd.exe 96 -
Views/modifies file attributes 1 TTPs 1 IoCs
pid Process 1200 attrib.exe
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\injector.jar1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3480 -
C:\Windows\SYSTEM32\attrib.exeattrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743292434988.tmp2⤵
- Views/modifies file attributes
PID:1200
-
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743292434988.tmp" /f"2⤵
- Suspicious use of WriteProcessMemory
PID:2864 -
C:\Windows\system32\reg.exeREG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743292434988.tmp" /f3⤵
- Adds Run key to start application
PID:2440
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743292434988.tmp1⤵PID:3536
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
639KB
MD5debe64c97f491943e154956a20b1dbd9
SHA12f166761d1d7a0b8962263d49669f8ed43265f0e
SHA256c97e12e9d8be059c6ba3034aa4b33cc2e7a2ffeb741fb4b6738ff4ae2186c113
SHA512a5d5400570f33b03af9e518fc288b91526724da72511c40008b5320458c061b226127d74f70d39ca4a0fafd1930e9c39e2bca6d6d04cf86cc128165b942f8f08