685faf9930e594f4cfe598d461b384abee2baa18e5d766592c4c58a45e00700d | Triage

Resubmissions

05-06-2022 12:18

220605-pgyzjsaca9 4

19-10-2020 00:44

201019-1lrwtdmymj 10

Analysis

max time kernel
61s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
05-06-2022 12:18

Sharing

Report Analysis Logs

General

Target

f80a0b2708893179f10771d1656875f67d6a9fba78ffcfe14485aae21b31dc55.jar
Size

209KB
MD5

369eb059f2b5b98c7b42e14fad64c2a7
SHA1

84c74b6512664d339f7f49a5368f9a6fdf6025e4
SHA256

f80a0b2708893179f10771d1656875f67d6a9fba78ffcfe14485aae21b31dc55
SHA512

8cccf82be1dd1fc9b4375c1c066f077b5433fa82d03bc46c90a5ae1b348b1c5deab9ea45313720f222a45316751189ea887c526d30cf80188f74db76771093bb

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\f80a0b2708893179f10771d1656875f67d6a9fba78ffcfe14485aae21b31dc55.jar
1⤵
- Drops file in Program Files directory
PID:3288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3288-134-0x0000000002760000-0x0000000003760000-memory.dmp

Filesize
16.0MB

Download
memory/3288-149-0x0000000002760000-0x0000000003760000-memory.dmp

Filesize
16.0MB

Download
memory/3288-153-0x0000000002760000-0x0000000003760000-memory.dmp

Filesize
16.0MB

Download
memory/3288-154-0x0000000002760000-0x0000000003760000-memory.dmp

Filesize
16.0MB

Download