Resubmissions

19/01/2022, 03:59

220119-ekh3dsfaf9 10

19/01/2022, 03:53

220119-efq77sfbcn 4

Analysis

  • max time kernel
    129s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    19/01/2022, 03:59

General

  • Target

    Remittance_Advice.jar

  • Size

    177KB

  • MD5

    bc78ae9bc621453d40e716c9ba1e5477

  • SHA1

    1da930a525c2fcfc3aa3b19feedb982c76844711

  • SHA256

    4e0a3a091304f6c072eeb2605636e3dda2b187021218b0b9bbaba909568baaae

  • SHA512

    62e3139999e3be0b8afd95ec41d281d10436952ced1fb6357a5e3d73325144f7b87203f888a4711ed21733860fe3a29e43b5f84ac7097437673c524cda80f4b7

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe (PID 3356)
    Command line: java -jar C:\Users\Admin\AppData\Local\Temp\Remittance_Advice.jar
    Tree depth: 1
    Signatures: Drops file in Program Files directory
  • C:\Windows\system32\svchost.exe (PID 3136)
    Command line: C:\Windows\system32\svchost.exe -k LocalService
    Tree depth: 1
    Signatures: Suspicious use of AdjustPrivilegeToken
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe (PID 2736)
    Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
    Tree depth: 1
    Signatures: Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3356-131-0x0000000002F80000-0x0000000012080000-memory.dmp
    Filesize: 241.0MB
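Two checks a practitioner would run against this report before trusting it: confirm that the file in hand is the one the sandbox analysed (all four digests in the General section, not just the MD5), and look inside the JAR statically, since the only process that actually ran the sample is java.exe (PID 3356); svchost.exe and TextInputHost.exe appear at the same tree depth rather than as its children. The helper below is an added example, not part of the sandbox report or of any tool the report comes from. It builds a small constructed stand-in JAR in memory (so it runs offline; its digests will not match the report's values), reads the manifest's Main-Class and entry list with the standard zipfile module without executing anything, and parses the memory-dump filename from the Downloads section to verify that the address range really spans the 241.0 MB the report states. Pass a real path on the command line to run the same checks on an actual sample.

```python
"""Offline triage helpers for a sandbox report on a Java archive (added example)."""
import hashlib
import io
import re
import sys
import zipfile

# Digests exactly as printed in the report's General section.
REPORTED = {
    "md5": "bc78ae9bc621453d40e716c9ba1e5477",
    "sha1": "1da930a525c2fcfc3aa3b19feedb982c76844711",
    "sha256": "4e0a3a091304f6c072eeb2605636e3dda2b187021218b0b9bbaba909568baaae",
    "sha512": "62e3139999e3be0b8afd95ec41d281d10436952ced1fb6357a5e3d73325144f7b"
              "87203f888a4711ed21733860fe3a29e43b5f84ac7097437673c524cda80f4b7",
}

# Dump names in the report look like: memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def digests(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def matches_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Per-algorithm True/False. A sample is only 'the' sample if all four agree."""
    got = digests(data)
    return {name: got[name] == value.lower() for name, value in reported.items()}


def inspect_jar(data: bytes) -> dict:
    """Static look at a JAR: manifest Main-Class, entry names, embedded archives/binaries.
    Only zipfile is used; nothing in the archive is executed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        main_class = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            m = re.search(r"^Main-Class:\s*(\S+)", manifest, re.M)
            if m:
                main_class = m.group(1)
        nested = [n for n in names if n.lower().endswith((".jar", ".zip", ".exe", ".dll"))]
    return {"main_class": main_class, "entries": names, "nested": nested}


def dump_region(name: str) -> dict:
    """Parse a memory-dump filename and derive the region size from its address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError("unrecognised dump name: %s" % name)
    pid, start, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
    size = end - start
    return {"pid": pid, "start": start, "end": end,
            "size_bytes": size, "size_mib": round(size / 2 ** 20, 1)}


def build_sample_jar() -> bytes:
    """Constructed stand-in JAR so the example runs offline. Its contents are made up
    (a fake class stub and a dummy nested archive); it is NOT the reported sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: Main\r\n\r\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        zf.writestr("lib/payload.jar", b"PK\x05\x06" + b"\x00" * 18)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        sample = build_sample_jar()
    print("digest match:", matches_report(sample))
    print("jar contents:", inspect_jar(sample))
    print("dump region:", dump_region(
        "memory/3356-131-0x0000000002F80000-0x0000000012080000-memory.dmp"))
```

For the constructed stand-in every digest comparison comes back False, which is the expected outcome; only the real Remittance_Advice.jar should make all four True. The dump-region check returns 252,706,816 bytes, i.e. exactly 241.0 MiB, consistent with the report.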