Resubmissions

17/02/2022, 16:54

220217-ve2wbacbe8 10

17/02/2022, 11:02

220217-m46xkabah6 4

Analysis

  • max time kernel: 163s
  • max time network: 174s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220113
  • submitted: 17/02/2022, 11:02

General

  • Target: NITAS POV211206 .jar
  • Size: 178KB
  • MD5: d7b4fc94bbe1b674b45290f6f9cb57ad
  • SHA1: d39000d117ecdf137ddd6e37684398f6e35d0bf3
  • SHA256: de0320c054a777a1870ba945082e9afa76b09adc20f6214e2ed3a5de818f9ac3
  • SHA512: 824a1b4348d7d32b9520aed0e87bec823f052493d68089f09cabc05fee77e0dd72de8b70e7bc60c600885ea8e81792b348d01e1c77c3830742308d50acd62947

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\NITAS POV211206 .jar"
    PID: 3068
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID: 3420

Downloads

  • memory/3068-166-0x0000000003310000-0x0000000003320000-memory.dmp (64KB)
  • memory/3068-181-0x0000000003320000-0x0000000003330000-memory.dmp (64KB)
  • memory/3068-138-0x00000000032E0000-0x00000000032F0000-memory.dmp (64KB)
  • memory/3068-141-0x0000000000FE0000-0x0000000000FE1000-memory.dmp (4KB)
  • memory/3068-142-0x00000000032F0000-0x0000000003300000-memory.dmp (64KB)
  • memory/3068-143-0x0000000000FE0000-0x0000000000FE1000-memory.dmp (4KB)
  • memory/3068-144-0x0000000000FE0000-0x0000000000FE1000-memory.dmp (4KB)
  • memory/3068-145-0x0000000003300000-0x0000000003310000-memory.dmp (64KB)
  • memory/3068-146-0x0000000000FE0000-0x0000000000FE1000-memory.dmp (4KB)
  • memory/3068-148-0x0000000000FE0000-0x0000000000FE1000-memory.dmp (4KB)
  • memory/3068-132-0x0000000000FE0000-0x0000000000FE1000-memory.dmp (4KB)
  • memory/3068-184-0x0000000003330000-0x0000000003340000-memory.dmp (64KB)
  • memory/3068-131-0x0000000003070000-0x00000000032E0000-memory.dmp (2.4MB)
  • memory/3068-188-0x0000000003340000-0x0000000003350000-memory.dmp (64KB)
  • memory/3068-189-0x0000000003350000-0x0000000003360000-memory.dmp (64KB)
  • memory/3068-193-0x0000000003360000-0x0000000003370000-memory.dmp (64KB)
  • memory/3068-194-0x0000000003370000-0x0000000003380000-memory.dmp (64KB)
  • memory/3068-241-0x00000000033A0000-0x00000000033B0000-memory.dmp (64KB)
  • memory/3068-222-0x0000000003380000-0x0000000003390000-memory.dmp (64KB)
  • memory/3068-233-0x0000000003390000-0x00000000033A0000-memory.dmp (64KB)
  • memory/3420-216-0x00000198A7330000-0x00000198A7340000-memory.dmp (64KB)