71ed2714927d82bc3660dc53b132a843a65fa1f68e0d892ce7c40905772d8dcb | Triage

Analysis

max time kernel
10s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
07-06-2021 07:27

Sharing

Report Analysis Logs

General

Target

Overdue invoice-960494.jar
Size

99KB
MD5

057ee447c12c0c2f3ce7c51f9579dbce
SHA1

a24554b8a24786895a2e1d76f42751f46b5fbef9
SHA256

71ed2714927d82bc3660dc53b132a843a65fa1f68e0d892ce7c40905772d8dcb
SHA512

27d602531da88b9be73bba28afdbaa246e17ee0f218fa340cc8ac356afd17d973953b91dfc2d8085e19f02dd339bba39a3e0885ff30370b6150999e80ac593ce

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

Processes:

java.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Overdue invoice-960494.jar"
1⤵
- Drops file in Program Files directory
PID:1852

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1852-114-0x0000000002D10000-0x0000000002F80000-memory.dmp

Filesize
2.4MB

Download
memory/1852-115-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/1852-116-0x0000000002F80000-0x0000000002F90000-memory.dmp

Filesize
64KB

Download
memory/1852-117-0x0000000002F90000-0x0000000002FA0000-memory.dmp

Filesize
64KB

Download