4c05725a37cb5a13ba3f7bc3993958bb56a234b47ae5869ceb92c2d8f98635f3 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows10_x64
resource
win10v20201028
submitted
26-01-2021 13:09

Sharing

Report Analysis Logs

General

Target

FedEx-Shipment-61821461149.jar
Size

1.1MB
MD5

796276ef3bb0cff9f450ee0d2904b9a6
SHA1

b0f27e95169499f019fa45e0de2f31b84fd03298
SHA256

4c05725a37cb5a13ba3f7bc3993958bb56a234b47ae5869ceb92c2d8f98635f3
SHA512

0cf482410883c6d3a8498cb06bde5595bd506ddde9a0c7b1231800e48c4a206305bc1cb09340a4cb620bc44a6a2123040b2edc9f389e84147d88bf71d25f7435

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

Processes:

java.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\FedEx-Shipment-61821461149.jar
1⤵
- Drops file in Program Files directory
PID:4808

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4808-2-0x0000000002E00000-0x0000000003070000-memory.dmp

Filesize
2.4MB

Download