Analysis
max time kernel: 149s
max time network: 134s
platform: windows7_x64
resource: win7-en-20210920
submitted: 26-09-2021 16:25
Static task: static1

Behavioral task: behavioral1
Sample: cejetjwve.txt.jar
Resource: win7-en-20210920
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: cejetjwve.txt.jar
Resource: win10v20210408
0 signatures
0 seconds
General
Target: cejetjwve.txt.jar
Size: 92KB
MD5: 9f529d816bffd28587755104a62e7ffe
SHA1: 2ced260d71011c450dab5145881fad5460d00edb
SHA256: 7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f
SHA512: ccb1437c4fc7465bfdd62e5a7556a13f2bbebafe73e6c545a0125fe0289e833928b6c9f61ce36102ea107a6054f6ac738fae81ac068555fc500f1df15ac6baab
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target  process       target process
1520  1612        WerFault.exe  java.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes: WerFault.exe
pid   process
1520  WerFault.exe
1520  WerFault.exe
1520  WerFault.exe
1520  WerFault.exe
1520  WerFault.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: WerFault.exe
pid   process
1520  WerFault.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: WerFault.exe
description              pid   process
Token: SeDebugPrivilege  1520  WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: java.exe
description                       pid   process   target process
PID 1612 wrote to memory of 1520  1612  java.exe  WerFault.exe
PID 1612 wrote to memory of 1520  1612  java.exe  WerFault.exe
PID 1612 wrote to memory of 1520  1612  java.exe  WerFault.exe
Processes

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\cejetjwve.txt.jar
- Suspicious use of WriteProcessMemory

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1612 -s 148
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken