Overview

overview

10

Static

static

10

Shipment D...WB.jar

windows7_x64

1

Shipment D...WB.jar

windows10_x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    17-06-2021 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Shipment Details & AWB.jar

  • Size

    332KB

  • MD5

    a4d00a4bb116788bf744eb99fdd8c705

  • SHA1

    727219cfb38b427d660742cc3a6396a9d6ad2d16

  • SHA256

    609bb0d31076f8b0ea511a367bf560f998eb8641c6b542cf56a8d30174eb3a3f

  • SHA512

    b59343da967f9d0648aa9342d7599156026469eebf74114603160a9c5838826d69fa13c47f02ad245649e931a7193b98ac3de214407d00ac9ad937ea685b8d86

Score
7/10
persistence

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Shipment Details & AWB.jar"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\Windows\SYSTEM32\REG.exe
      REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Shipment Details & AWB.jar" /d "C:\Users\Admin\AppData\Roaming\Shipment Details & AWB.jar" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:196
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Shipment Details & AWB.jar
      2⤵
      • Views/modifies file attributes
      PID:3796
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shipment Details & AWB.jar
      2⤵
      • Views/modifies file attributes
      PID:2288

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/800-114-0x00000000033B0000-0x0000000003620000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/800-115-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/800-120-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/800-122-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

    Filesize

    4KB

    Download