Overview

overview

10

Static

static

10

zsdawe.jar

windows10-2004-x64

6

Analysis

  • max time kernel
    13s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/04/2025, 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zsdawe.jar

  • Size

    651KB

  • MD5

    e54673f653bb95f9319ea79b672dfbe6

  • SHA1

    2e31f81bcff1dfea1df061669468a3243810f94c

  • SHA256

    fe9a3cc5d63aa22b7b18dd4d27a8f55811978dbc5f83bacd2a135b3021684e1e

  • SHA512

    d1b5ba82f9f5f42f8ad67d62c60cae3765b01ad5513331dc8dd2c496218fe6477f87de1aef4000d2005fe902ece718e79bb7a62cd7790db298b6389ee515f3b2

  • SSDEEP

    12288:pPJGQg/EuQbSn4bmU2p3gI/9RD+BMONC1xgAx2RyT32uU2dcSrrD4D:pPgQskb+4yX3gInWpC1O6H2uJdfrrD4D

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\zsdawe.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5384
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743477279515.tmp
      2⤵
      • Views/modifies file attributes
      PID:4640
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743477279515.tmp" /f"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\system32\reg.exe
        REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743477279515.tmp" /f
        3⤵
        • Adds Run key to start application
        PID:4912
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743477279515.tmp
    1⤵
      PID:4748
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3796

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743477279515.tmp
        Filesize

        651KB

        MD5

        e54673f653bb95f9319ea79b672dfbe6

        SHA1

        2e31f81bcff1dfea1df061669468a3243810f94c

        SHA256

        fe9a3cc5d63aa22b7b18dd4d27a8f55811978dbc5f83bacd2a135b3021684e1e

        SHA512

        d1b5ba82f9f5f42f8ad67d62c60cae3765b01ad5513331dc8dd2c496218fe6477f87de1aef4000d2005fe902ece718e79bb7a62cd7790db298b6389ee515f3b2

        Download Submit

      • memory/5384-54-0x0000021A6AD20000-0x0000021A6AD30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-43-0x0000021A6AC60000-0x0000021A6AC70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-21-0x0000021A6AC80000-0x0000021A6AC90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-20-0x0000021A6AC70000-0x0000021A6AC80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-23-0x0000021A6AC90000-0x0000021A6ACA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-25-0x0000021A6ACA0000-0x0000021A6ACB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-28-0x0000021A6ACB0000-0x0000021A6ACC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-29-0x0000021A6ACC0000-0x0000021A6ACD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-17-0x0000021A6AC60000-0x0000021A6AC70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-32-0x0000021A69210000-0x0000021A69211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5384-36-0x0000021A6ACD0000-0x0000021A6ACE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-39-0x0000021A6ACE0000-0x0000021A6ACF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-38-0x0000021A6A9E0000-0x0000021A6AC50000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/5384-61-0x0000021A6ACA0000-0x0000021A6ACB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-44-0x0000021A6ACF0000-0x0000021A6AD00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-59-0x0000021A6AD30000-0x0000021A6AD40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-42-0x0000021A6AC50000-0x0000021A6AC60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-47-0x0000021A6AD00000-0x0000021A6AD10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-52-0x0000021A6AD10000-0x0000021A6AD20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-51-0x0000021A6AC80000-0x0000021A6AC90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-50-0x0000021A6AC70000-0x0000021A6AC80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-2-0x0000021A6A9E0000-0x0000021A6AC50000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/5384-16-0x0000021A6AC50000-0x0000021A6AC60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-58-0x0000021A6AC90000-0x0000021A6ACA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-45-0x0000021A69210000-0x0000021A69211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5384-62-0x0000021A6AD40000-0x0000021A6AD50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-63-0x0000021A69210000-0x0000021A69211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5384-66-0x0000021A6AD50000-0x0000021A6AD60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-65-0x0000021A6ACB0000-0x0000021A6ACC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-68-0x0000021A6ACC0000-0x0000021A6ACD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-69-0x0000021A6AD60000-0x0000021A6AD70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-71-0x0000021A6ACD0000-0x0000021A6ACE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-72-0x0000021A69210000-0x0000021A69211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5384-73-0x0000021A6ACE0000-0x0000021A6ACF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-74-0x0000021A6ACF0000-0x0000021A6AD00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-75-0x0000021A6AD00000-0x0000021A6AD10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-76-0x0000021A6AD10000-0x0000021A6AD20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-77-0x0000021A6A9E0000-0x0000021A6AC50000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/5384-84-0x0000021A6AD60000-0x0000021A6AD70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-83-0x0000021A6AD50000-0x0000021A6AD60000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-82-0x0000021A6AD40000-0x0000021A6AD50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-81-0x0000021A6AD30000-0x0000021A6AD40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-80-0x0000021A6AD20000-0x0000021A6AD30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-79-0x0000021A6AC70000-0x0000021A6AC80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5384-78-0x0000021A6AC50000-0x0000021A6AC60000-memory.dmp

        Filesize

        64KB

        Download