Analysis

  • max time kernel
    151s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    05-02-2022 14:30

General

  • Target

    6f55f6e567ee9df0a823ce1072fbf1e7b5ae4ace2128f8b330394cab4d07d2ab.jar

  • Size

    5KB

  • MD5

    66dae49e6a1edf3e74c33a06b4270d4b

  • SHA1

    ed14532d4bbf152369cd39949802c6f773754c0e

  • SHA256

    6f55f6e567ee9df0a823ce1072fbf1e7b5ae4ace2128f8b330394cab4d07d2ab

  • SHA512

    a8ba21d9a23c2cace59ff915f8def5c5c9e7603aeaef76f34981456cfae9f1237a4600e73f5d3ebbf3c45a18701e29e330966e6b276d0443e10a33f124d4a1d9

Score
10/10

Malware Config

Signatures

  • QNodeService

    Trojan/stealer written in NodeJS and spread via Java downloader.

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\6f55f6e567ee9df0a823ce1072fbf1e7b5ae4ace2128f8b330394cab4d07d2ab.jar
    PID:2028

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2028-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

      Filesize

      8KB

    • memory/2028-56-0x00000000021D0000-0x00000000051D0000-memory.dmp

      Filesize

      48.0MB

    • memory/2028-57-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2028-84-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2028-87-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2028-95-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2028-97-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB