Analysis

  • max time kernel
    159s
  • max time network
    87s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 01:03

General

  • Target

    invoice_pdf.jar

  • Size

    5KB

  • MD5

    37f5e9c66a090ac8ca354ad4574108ac

  • SHA1

    84f29ff28d4d1f04b1a05c920718356588d49404

  • SHA256

    18382afed4a3eb374fa6a2d5a564d881204f631279903a445fe2d19c8f1da897

  • SHA512

    eb4faaaf782021cf70279e787642588bbf3bbe18d239b54558bbababa0b89eb8dce4b6cf96db9b6c1f7e347ed28bad189ccf51120f3f3335f6df8d9391da60b4

Score
10/10

Malware Config

Signatures

  • QNodeService

    Trojan/stealer written in NodeJS and spread via Java downloader.

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\invoice_pdf.jar
    1⤵
      PID:1164

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1164-54-0x000007FEFC061000-0x000007FEFC063000-memory.dmp

      Filesize

      8KB

    • memory/1164-57-0x0000000002140000-0x0000000005140000-memory.dmp

      Filesize

      48.0MB