8909c047f3391d9045b1f75bda07062a846670ab78942a8b6185ab5f514ab00a

Analysis

Target

Incoming_Wire_payment_returned120 ___vaw.jar
Size

106KB
MD5

34e26bc587a78272f5bb46b85e05b2dc
SHA1

e799c6bad1776842645aad78f79d42941c231eda
SHA256

8909c047f3391d9045b1f75bda07062a846670ab78942a8b6185ab5f514ab00a
SHA512

9bee84c5c0f17bf48cbedd6d4cf2a0f349a83598f8a87aa10f3f70ee63ef00fc037e28a3c678c0e16db6d7c4c6a7eaa5d785064e14e9ea4e8778fa920cf008b2

Score

4^/10

Drops file in Program Files directory 12 IoCs

Processes:

java.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Incoming_Wire_payment_returned120 ___vaw.jar"
1⤵
- Drops file in Program Files directory
PID:3088

memory/3088-118-0x00000000025D0000-0x0000000002840000-memory.dmp

Filesize
2.4MB

Download
memory/3088-119-0x00000000025D0000-0x0000000002840000-memory.dmp

Filesize
2.4MB

Download
memory/3088-120-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/3088-122-0x0000000002840000-0x0000000002850000-memory.dmp

Filesize
64KB

Download
memory/3088-123-0x0000000002850000-0x0000000002860000-memory.dmp

Filesize
64KB

Download
memory/3088-124-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/3088-125-0x0000000002860000-0x0000000002870000-memory.dmp

Filesize
64KB

Download
memory/3088-126-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/3088-128-0x0000000002880000-0x0000000002890000-memory.dmp

Filesize
64KB

Download
memory/3088-129-0x0000000002890000-0x00000000028A0000-memory.dmp

Filesize
64KB

Download
memory/3088-127-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/3088-132-0x00000000028B0000-0x00000000028C0000-memory.dmp

Filesize
64KB

Download
memory/3088-131-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/3088-133-0x00000000028C0000-0x00000000028D0000-memory.dmp

Filesize
64KB

Download
memory/3088-134-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/3088-141-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download