ShippingDoc.jar

General
Target

ShippingDoc.jar

Filesize

166KB

Completed

18-11-2020 12:35

Score

1/10

MD5

335c639a4ea7c94f9c53d1e793f08f45

SHA1

d4d26a79b9c0e80b2ecee65f850f6fed21cbbaa2

SHA256

c5efeacdeadcc98e8194c98b92a0a8d385f70a3b76bc32a85d90782b2721425f

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    java.exe

    Reported IOCs

    description                      pid   process   target process
    PID 1900 wrote to memory of 896  1900  java.exe  wscript.exe
    PID 1900 wrote to memory of 896  1900  java.exe  wscript.exe
    PID 1900 wrote to memory of 896  1900  java.exe  wscript.exe
Processes 2
  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\ShippingDoc.jar
    Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\mlqvxdkryi.js
      PID:896
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/896-1-0x0000000000000000-mapping.dmp