Windows Analysis Report
Mtcn_3259356251.jar

Overview

General Information

Sample name:	Mtcn_3259356251.jar
Analysis ID:	1524314
MD5:	7fefa6601ba7798f5a92c4907a04d675
SHA1:	a44d75a42ac89a7d5060578e681f20993eccb76f
SHA256:	3dbba68c10b532ecbd126c1172717d7f6c63d3e3fc4978aa8f58a919269b6374
Infos:

Detection

Branchlock Obfuscator

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Branchlock Obfuscator

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: Mtcn_3259356251.jar

ReversingLabs: Detection: 23%

Source: classification engine

Classification label: mal56.evad.winJAR@2/6@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_03

Source: C:\Windows\System32\7za.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: Mtcn_3259356251.jar

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\Mtcn_3259356251.jar"
Source: C:\Windows\System32\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Windows\System32\7za.exe

Section loaded: 7z.dll

Data Obfuscation

Yara detected Branchlock Obfuscator

Source: Yara match	File source: Mtcn_3259356251.jar, type: SAMPLE
Source: Yara match	File source: 00000000.00000003.7023392945.00000000031B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.7023950005.00000000014F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.7024085039.0000000003185000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.7023068203.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.7023135764.00000000031B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.7020393491.00000000031B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Screenshots

Network Map

⊘No contacted IP infos

ID:	1524314
Product:	CloudBasic
Start time:	17:15:50
Start date:	02.10.2024
Sample:	Mtcn_3259356251.jar
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	7fefa6601ba7798f5a92c4907a04d675
SHA1:	a44d75a42ac89a7d5060578e681f20993eccb76f
SHA256:	3dbba68c10b532ecbd126c1172717d7f6c63d3e3fc4978aa8f58a919269b6374
Filetype:	Java Archive (13504/1) 62.80%

Name	Type	MD5	SHA1	SHA256
C:\jar\Branchlock_R.class	compiled Java class data, version 52.0 (Java 1.8)	7EFF90CE4473875ED907C63A331DFAB9	E2FA23737A10537CCB602B4896C720FFCEC7DBA2	A472D6E4E41F96623F1A0FCB807A3FCAE9F92C0D3002DE1BD46E7EC13E0E5B4A
C:\jar\G\g.class	compiled Java class data, version 52.0 (Java 1.8)	037E739995E8B416E026129647D286A4	DDDFE83319FEC5AC9EB2586A18B656B39DFED48A	0C7FD6D596AF8DAE7CC27B441D37DA402D0BED40186117E2D2ABCB4E46B761CA
C:\jar\G\g\v.class	compiled Java class data, version 52.0 (Java 1.8)	02D3B0D2DEDAE0D07B1D3637023DDFBE	FEC3C69AA4608F38CEBF0E70C8A718C250BA383E	E3900C715D8B01613A7C390D5614B2D9B6275DBA50C23FB5F52DCE471E0A8AB0
C:\jar\J.class	compiled Java class data, version 52.0 (Java 1.8)	5F3999F081E00C16A16CC2CF796CA9E2	C5EE23B6E8C4E98C449FAF28A5903C90DC27F296	5D7A8BC53AC2B03DA99C979B81E82251621FA426797A4AE6762664307A3C5474
C:\jar\META-INF\MANIFEST.MF	ASCII text	19D6F7BE6B9650BB8A7D123D9AF140CA	236DC438C740CA47CDAD38B4E8A11DC68C2BC617	B259CA872262845D624924A7160E43705D1294E4F1BD76B9B002B96A731C2B13
C:\jar\X.class	compiled Java class data, version 52.0 (Java 1.8)	93C681545707D0FA737F9E2CED053B53	2AAA1D469798B58E30A51CEB3572CFDDC8BBE6B4	0E7085A7F954AB18345BC1E9660314D57039F46D56C5D1678CE2627433B1E593
C:\jar\_html__img src=_http_\__.class	compiled Java class data, version 52.0 (Java 1.8)	D00A3614372F754698D56742CC828CCA	125839E99F42BFCB50591EBDD7F63D140137F105	FF7E19C51ACFFC9536A95363BAA8907A1451DD47EF198FBB97F7CCCDCCEC7DB6
C:\jar\g.class	compiled Java class data, version 52.0 (Java 1.8)	FACE0D0C3AD39AECEF2880F36E156ADB	58C597221E34F1BA0735FF7D797C436073813E0C	B5103DCB373D9C6461B76D27001B9596507678E28FFB198190CC886B408D4B78
C:\jar\net\branchlock\layout\references\F.class	compiled Java class data, version 52.0 (Java 1.8)	7C0AAD60D9A887897B3563E37CFDAF48	BC4B3E861751C2AE4AF1FB1CF33B54016B9BE768	3AAECB0973EDE808479C38A60BCF9BB263583251CED7B182C7114227A1E06794
C:\jar\net\branchlock\layout\references\J.class	compiled Java class data, version 52.0 (Java 1.8)	C773134F2961F92EC4D4C7376A188EAC	4A8FB78B89671DBC2A8EF3F85C18B411C5738B60	1057DC7DF9A7069EACF3AB5E1F3A811A40BFDF59959A012888C050020E68B13B
C:\jar\net\branchlock\layout\references\Q.class	compiled Java class data, version 52.0 (Java 1.8)	9C2C21B7B02F650876C7C0A37899F105	1B2C6B209B8998B40331B9F4CE4FE5C02DF613A5	FF8259BD3D00DB0CE327ADED0877B44B74EEA9EB0D31D376CFC22769E1375F2A
C:\jar\net\branchlock\layout\references\X.class	compiled Java class data, version 52.0 (Java 1.8)	36002F883492B1165D7ECADBEAADAAB3	9E2409975E6CAF4DA213C1732EEAD2AE74FEF8DE	53D903FEF00E7085BF4DF2F035F183F374C515B96FB20149C3F0FC8E607E1979
C:\jar\trower.class	compiled Java class data, version 52.0 (Java 1.8)	94D2D24D45BEAA7FD21817EE2CC312B7	163E785BE441B119EF092F47AD74EA82372B4887	83F60A7F33B6F42163EB90D03630B516A5F0575155E147EC66C216271F946CDB

Windows Analysis Report Mtcn_3259356251.jar

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

System Summary

Data Obfuscation

Screenshots

Network Map

Windows Analysis Report
Mtcn_3259356251.jar