Overview

overview

6

Static

static

b0f76db0b5...46.jar

windows7_x64

1

b0f76db0b5...46.jar

windows10-2004_x64

6

Analysis

  • max time kernel
    155s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-07-2022 07:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b0f76db0b5074a60ea9ccd877b5d76d26e21e2f337ff1eccadddad472ba47346.jar

  • Size

    219KB

  • MD5

    e2a04c764d82b5e2796e30c39cc65826

  • SHA1

    57860e7b23857661fecf4be15d0b8fd2b6e3070a

  • SHA256

    b0f76db0b5074a60ea9ccd877b5d76d26e21e2f337ff1eccadddad472ba47346

  • SHA512

    d45206cb4a6d96690c4ff2587b7d62bcacbdcfeae66e97e9b3e41fbf174e2179f5d70b06aff046d10359956d0d08703bf460fa344da8e7e6a7d6ea0f73fb729d

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\b0f76db0b5074a60ea9ccd877b5d76d26e21e2f337ff1eccadddad472ba47346.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3108
    • C:\Program Files\Java\jre1.8.0_66\bin\java.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar C:\Users\Admin\.6961235255699827262.jar
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Windows\SYSTEM32\reg.exe
        reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v J180295edf54:U41646d696e_s /t REG_SZ /d "\"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe\" -jar \"C:\Users\Admin\.6961235255699827262.jar\""
        3⤵
        • Adds Run key to start application
        PID:3476

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\.6961235255699827262.jar
    Filesize

    219KB

    MD5

    e2a04c764d82b5e2796e30c39cc65826

    SHA1

    57860e7b23857661fecf4be15d0b8fd2b6e3070a

    SHA256

    b0f76db0b5074a60ea9ccd877b5d76d26e21e2f337ff1eccadddad472ba47346

    SHA512

    d45206cb4a6d96690c4ff2587b7d62bcacbdcfeae66e97e9b3e41fbf174e2179f5d70b06aff046d10359956d0d08703bf460fa344da8e7e6a7d6ea0f73fb729d

    Download Submit

  • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
    Filesize

    50B

    MD5

    cef22f8d23630c88b9e8f1817b441044

    SHA1

    6ab1260c51b0d5ab891eae438ba0e127ee6738a1

    SHA256

    cfe58b96be5fabb4d3279c465fcebf16a9160c3534acf84387f05a5d0b20ec9e

    SHA512

    cfba6c5981db677d2f871c3607ba1860ff8fda5a73656b7b3d0868a935793725b5e9a29b6bc7a3f9855f16a66d4309db0d49df81948de4e9c459c107b4e84c02

    Download Submit

  • memory/2836-162-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-165-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-177-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-155-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-176-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-158-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-159-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-160-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-174-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-143-0x0000000000000000-mapping.dmp

    Download

  • memory/2836-166-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-167-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-170-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-172-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2836-173-0x0000000002610000-0x0000000003610000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3108-134-0x0000000002EE0000-0x0000000003EE0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3108-135-0x0000000002EE0000-0x0000000003EE0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3476-156-0x0000000000000000-mapping.dmp

    Download