Overview

overview

3

Static

static

NRB-RTGS 2...21.jar

windows7_x64

3

NRB-RTGS 2...21.jar

windows10_x64

3

Analysis

  • max time kernel
    117s
  • max time network
    23s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    28-09-2021 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NRB-RTGS 28-Sept 2021.jar

  • Size

    103KB

  • MD5

    ccfdd7c24c9029f301ee94dbc9441ace

  • SHA1

    99dce2074fd2cca2ede69a3b08cf33a574a4a976

  • SHA256

    3ecc6468de96ac9ae350154c117610dd3062f968be547d6b67b3f126fee512e9

  • SHA512

    3ca8410aca55b1acb92e1c5316fffb01815b7b69b850c1637cc4b04f43a83f2cf52c21c0785c4af30ce9655782c1d285d82055bb120e41d103f0758bf37fe258

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\NRB-RTGS 28-Sept 2021.jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1232 -s 148
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1232-54-0x000007FEFBA71000-0x000007FEFBA73000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2044-55-0x0000000000000000-mapping.dmp
    Download
  • memory/2044-57-0x0000000001C10000-0x0000000001C11000-memory.dmp
    Filesize

    4KB

    Download