Analysis
- max time kernel: 129s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220112
- submitted: 19/01/2022, 03:59
Static task: static1

Behavioral task: behavioral1
- Sample: Remittance_Advice.jar
- Resource: win7-en-20211208
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: Remittance_Advice.jar
- Resource: win10v2004-en-20220112
- 0 signatures
- 0 seconds
General
- Target: Remittance_Advice.jar
- Size: 177KB
- MD5: bc78ae9bc621453d40e716c9ba1e5477
- SHA1: 1da930a525c2fcfc3aa3b19feedb982c76844711
- SHA256: 4e0a3a091304f6c072eeb2605636e3dda2b187021218b0b9bbaba909568baaae
- SHA512: 62e3139999e3be0b8afd95ec41d281d10436952ced1fb6357a5e3d73325144f7b87203f888a4711ed21733860fe3a29e43b5f84ac7097437673c524cda80f4b7
- Score: 4/10
Malware Config
Signatures

Drops file in Program Files directory (12 IoCs)
description | ioc | Process
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb | java.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description | pid | Process
Token: SeSystemtimePrivilege | 3136 | svchost.exe
Token: SeSystemtimePrivilege | 3136 | svchost.exe
Token: SeIncBasePriorityPrivilege | 3136 | svchost.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
2736 | TextInputHost.exe
2736 | TextInputHost.exe
Processes

- C:\ProgramData\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\Remittance_Advice.jar
  Signatures: Drops file in Program Files directory
  PID: 3356

- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService
  Signatures: Suspicious use of AdjustPrivilegeToken
  PID: 3136

- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
  Signatures: Suspicious use of SetWindowsHookEx
  PID: 2736