Analysis

Max time kernel: 163s
Max time network: 174s
Platform: windows10-2004_x64
Resource: win10v2004-en-20220113
Submitted: 17/02/2022, 11:02

Static task: static1

Behavioral task: behavioral1
Sample: NITAS POV211206 .jar
Resource: win7-en-20211208
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: NITAS POV211206 .jar
Resource: win10v2004-en-20220113
0 signatures, 0 seconds
General

Target: NITAS POV211206 .jar
Size: 178KB
MD5: d7b4fc94bbe1b674b45290f6f9cb57ad
SHA1: d39000d117ecdf137ddd6e37684398f6e35d0bf3
SHA256: de0320c054a777a1870ba945082e9afa76b09adc20f6214e2ed3a5de818f9ac3
SHA512: 824a1b4348d7d32b9520aed0e87bec823f052493d68089f09cabc05fee77e0dd72de8b70e7bc60c600885ea8e81792b348d01e1c77c3830742308d50acd62947
Score: 4/10
Malware Config
Signatures

Drops file in Windows directory (6 IoCs)
description | ioc | process
File opened for modification | C:\Windows\WindowsUpdate.log | svchost.exe
File opened for modification | C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk | svchost.exe
File opened for modification | C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log | svchost.exe
File opened for modification | C:\Windows\SoftwareDistribution\DataStore\DataStore.edb | svchost.exe
File opened for modification | C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm | svchost.exe
File opened for modification | C:\Windows\SoftwareDistribution\ReportingEvents.log | svchost.exe

Suspicious use of AdjustPrivilegeToken (6 IoCs)
description | pid | process
Token: SeShutdownPrivilege | 3420 | svchost.exe
Token: SeCreatePagefilePrivilege | 3420 | svchost.exe
Token: SeShutdownPrivilege | 3420 | svchost.exe
Token: SeCreatePagefilePrivilege | 3420 | svchost.exe
Token: SeShutdownPrivilege | 3420 | svchost.exe
Token: SeCreatePagefilePrivilege | 3420 | svchost.exe

Note: every IoC above is attributed to svchost.exe PID 3420, which the process list shows running as "-k netsvcs -p -s wuauserv", i.e. the Windows Update service host. The modified paths (WindowsUpdate.log and the SoftwareDistribution\DataStore ESE database) are that service's own files. Nothing in either signature is attributed to the java.exe process (PID 3068) that ran the sample, so these two hits are sandbox background activity rather than behaviour of the .jar.
Processes

PID 3068: C:\ProgramData\Oracle\Java\javapath\java.exe
  Command line: java -jar "C:\Users\Admin\AppData\Local\Temp\NITAS POV211206 .jar"

PID 3420: C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
  Signatures: Drops file in Windows directory; Suspicious use of AdjustPrivilegeToken
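The report's two signatures fire on the Windows Update service host, not on the process that executed the sample, and the only way to see that is to attribute each IoC row to a PID and check whether that PID sits in the sample's process tree. The script below does exactly that for the rows shown above. It is an added example, not part of the report or of the sandbox's own code; the process and IoC rows are transcribed from the report, while the attribution logic, the `is_wuauserv_host` noise heuristic and all function names are my own.

```python
"""Attribute sandbox IoCs to the process that produced them.

Added example, not part of the sandbox report or the sandbox's own code.
Process and IoC rows are transcribed from the report; the attribution
logic and the wuauserv-noise heuristic are the example author's.
"""
import ntpath
from dataclasses import dataclass
from typing import Optional

SAMPLE_NAME = "NITAS POV211206 .jar"


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None  # None: shown at the top of the tree, no parent given


@dataclass(frozen=True)
class Ioc:
    signature: str
    detail: str
    process: str                  # image name exactly as printed in the IoC row
    pid: Optional[int] = None     # only the AdjustPrivilegeToken rows carry a pid


# Process list as shown in the report (both processes at tree depth 1).
PROCESSES = [
    Proc(3068, r"C:\ProgramData\Oracle\Java\javapath\java.exe",
         r'java -jar "C:\Users\Admin\AppData\Local\Temp\NITAS POV211206 .jar"'),
    Proc(3420, r"C:\Windows\system32\svchost.exe",
         r"C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv"),
]

DROP = "Drops file in Windows directory"
TOKEN = "Suspicious use of AdjustPrivilegeToken"

# IoC rows as shown in the report: six file modifications, six token adjustments.
IOCS = [
    Ioc(DROP, r"C:\Windows\WindowsUpdate.log", "svchost.exe"),
    Ioc(DROP, r"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk", "svchost.exe"),
    Ioc(DROP, r"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log", "svchost.exe"),
    Ioc(DROP, r"C:\Windows\SoftwareDistribution\DataStore\DataStore.edb", "svchost.exe"),
    Ioc(DROP, r"C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm", "svchost.exe"),
    Ioc(DROP, r"C:\Windows\SoftwareDistribution\ReportingEvents.log", "svchost.exe"),
] + [
    Ioc(TOKEN, tok, "svchost.exe", 3420)
    for tok in ("SeShutdownPrivilege", "SeCreatePagefilePrivilege") * 3
]


def resolve_pid(ioc: Ioc, procs) -> Optional[int]:
    """Use the row's pid when present; otherwise match the image name, but only
    if exactly one process has that name (svchost.exe is often ambiguous)."""
    if ioc.pid is not None:
        return ioc.pid
    matches = [p.pid for p in procs
               if ntpath.basename(p.image).lower() == ioc.process.lower()]
    return matches[0] if len(matches) == 1 else None


def sample_tree(procs, sample_name: str) -> set:
    """Pids whose command line names the sample, plus all their descendants."""
    tree = {p.pid for p in procs if sample_name.lower() in p.cmdline.lower()}
    grew = True
    while grew:  # follow parent links until no new descendants appear
        new = {p.pid for p in procs if p.parent in tree and p.pid not in tree}
        tree |= new
        grew = bool(new)
    return tree


def is_wuauserv_host(proc: Proc) -> bool:
    """svchost.exe started with '-s wuauserv' hosts the Windows Update service
    (heuristic: its file and token activity is treated as background noise)."""
    return (ntpath.basename(proc.image).lower() == "svchost.exe"
            and "-s wuauserv" in proc.cmdline.lower())


def triage(procs=PROCESSES, iocs=IOCS, sample_name=SAMPLE_NAME) -> dict:
    """Bucket every IoC: produced by the sample's tree, Windows Update noise,
    some other process, or not attributable to any listed process."""
    by_pid = {p.pid: p for p in procs}
    tree = sample_tree(procs, sample_name)
    result = {"sample_pids": tree, "from_sample": [], "wuauserv_noise": [],
              "other": [], "unresolved": []}
    for ioc in iocs:
        pid = resolve_pid(ioc, procs)
        if pid is None or pid not in by_pid:
            result["unresolved"].append(ioc)
        elif pid in tree:
            result["from_sample"].append(ioc)
        elif is_wuauserv_host(by_pid[pid]):
            result["wuauserv_noise"].append(ioc)
        else:
            result["other"].append(ioc)
    return result


if __name__ == "__main__":
    r = triage()
    print("sample process tree:", sorted(r["sample_pids"]))
    for bucket in ("from_sample", "wuauserv_noise", "other", "unresolved"):
        print(f"{bucket}: {len(r[bucket])}")
```

On the report's data all twelve IoCs land in the `wuauserv_noise` bucket and none in `from_sample`, which is the concrete basis for discounting the 4/10 score's two signature hits. The `resolve_pid` rule of refusing to guess when several processes share an image name matters on busier reports, where multiple svchost.exe instances appear and a name-only IoC row cannot be safely attributed.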