Overview

overview

7

Static

static

PAYMENT_11...FR.jar

windows7_x64

1

PAYMENT_11...FR.jar

windows10_x64

7

Analysis

  • max time kernel
    114s
  • max time network
    117s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    06-04-2020 18:35

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAYMENT_119091031_JFR.jar

  • Size

    426KB

  • MD5

    27a541da018bec205bec18d5aa85978c

  • SHA1

    78bbe6410bcb92dba2787f2c3d29c0f7db810b16

  • SHA256

    f4b5451809e69cc848d835a918c59bb79d449a11daed519743fedb5545127c74

  • SHA512

    a060639082b838b15ffa1c551955a506157952f1a4671683ed28b76dbfceea9c869025f388cc9c9c73b4fc5c41fcc2986c9cc75395c757eec3a3ee79a9413d24

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\PAYMENT_119091031_JFR.jar
    Loads dropped DLL
    PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

00:00 00:00

Downloads

  • \Users\Admin\AppData\Local\Temp\jna-63116079\jna6210709186133255166.dll
    Download Submit