Analysis
- max time kernel: 117s
- max time network: 23s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 28-09-2021 07:04
Static task
static1
Behavioral task
behavioral1
Sample
NRB-RTGS 28-Sept 2021.jar
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
NRB-RTGS 28-Sept 2021.jar
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
- Target: NRB-RTGS 28-Sept 2021.jar
- Size: 103KB
- MD5: ccfdd7c24c9029f301ee94dbc9441ace
- SHA1: 99dce2074fd2cca2ede69a3b08cf33a574a4a976
- SHA256: 3ecc6468de96ac9ae350154c117610dd3062f968be547d6b67b3f126fee512e9
- SHA512: 3ca8410aca55b1acb92e1c5316fffb01815b7b69b850c1637cc4b04f43a83f2cf52c21c0785c4af30ce9655782c1d285d82055bb120e41d103f0758bf37fe258
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  2044 | 1232 | WerFault.exe | java.exe
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes: WerFault.exe
  pid | process
  2044 | WerFault.exe
  2044 | WerFault.exe
  2044 | WerFault.exe
  2044 | WerFault.exe
  2044 | WerFault.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: WerFault.exe
  pid | process
  2044 | WerFault.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  description | pid | process
  Token: SeDebugPrivilege | 2044 | WerFault.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: java.exe
  description | pid | process | target process
  PID 1232 wrote to memory of 2044 | 1232 | java.exe | WerFault.exe
  PID 1232 wrote to memory of 2044 | 1232 | java.exe | WerFault.exe
  PID 1232 wrote to memory of 2044 | 1232 | java.exe | WerFault.exe
Processes
- C:\Windows\system32\java.exe
  Command line: java -jar "C:\Users\Admin\AppData\Local\Temp\NRB-RTGS 28-Sept 2021.jar"
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -u -p 1232 -s 148
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken