c5efeacdeadcc98e8194c98b92a0a8d385f70a3b76bc32a85d90782b2721425f | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
18-11-2020 12:32

Sharing

Report Analysis Logs

General

Target

ShippingDoc.jar
Size

166KB
MD5

335c639a4ea7c94f9c53d1e793f08f45
SHA1

d4d26a79b9c0e80b2ecee65f850f6fed21cbbaa2
SHA256

c5efeacdeadcc98e8194c98b92a0a8d385f70a3b76bc32a85d90782b2721425f
SHA512

587282a10f3e2dbd16a2f18b45686b4701e30110f561babe677c6bc795ecc40b6479d3b54bb4cb69c0117eb63ba251d3531621745f6a601aa5699e1fb18a07f2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

java.exe

description	pid	process	target process
PID 1900 wrote to memory of 896	1900	java.exe	wscript.exe
PID 1900 wrote to memory of 896	1900	java.exe	wscript.exe
PID 1900 wrote to memory of 896	1900	java.exe	wscript.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ShippingDoc.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\mlqvxdkryi.js
  2⤵
  PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-1-0x0000000000000000-mapping.dmp

Download