Overview

overview

8

Static

static

7ce426f785...ef.jar

windows7-x64

8

7ce426f785...ef.jar

windows10-2004-x64

8

Analysis

  • max time kernel
    158s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2022, 23:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7ce426f785c03e90964d0a41c44a1d2bebb9c965eb7d75a770ee7c6579d775ef.jar

  • Size

    62KB

  • MD5

    34bc92ecf73de24c406aa75802787907

  • SHA1

    8e7814d5cb4ecc18688d777a736b5339ff2607af

  • SHA256

    7ce426f785c03e90964d0a41c44a1d2bebb9c965eb7d75a770ee7c6579d775ef

  • SHA512

    185bed965e3d1747172a0f7136640e1e5f6f29b02b1704bd724f712fb636599309c5d7cb8c7657574cb5d50874e80eb903fafd285d015cbec701846867d6678a

  • SSDEEP

    1536:RSjeiFyw3yeF1rVIFFhkrPnQIno+H0RoMUZ:RSjeiFp1rvPnvwoH

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies registry key 1 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\7ce426f785c03e90964d0a41c44a1d2bebb9c965eb7d75a770ee7c6579d775ef.jar
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Windows\system32\reg.exe
      reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Av9BGlFa5I /t REG_SZ /d "\"C:\Program Files\Java\jre7\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ\pE5o8.P1Q\"" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:1288
    • C:\Windows\system32\attrib.exe
      attrib +s +h +r "C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ\*.*"
      2⤵
      • Sets file to hidden
      • Drops desktop.ini file(s)
      • Views/modifies file attributes
      PID:596
    • C:\Windows\system32\attrib.exe
      attrib +s +h +r "C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ"
      2⤵
      • Sets file to hidden
      • Views/modifies file attributes
      PID:584
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ\pE5o8.P1Q"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1440
      • C:\Windows\system32\reg.exe
        reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Av9BGlFa5I /t REG_SZ /d "\"C:\Program Files\Java\jre7\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ\pE5o8.P1Q\"" /f
        3⤵
        • Adds Run key to start application
        • Modifies registry key
        PID:1184

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ\Desktop.ini
          Filesize

          63B

          MD5

          e783bdd20a976eaeaae1ff4624487420

          SHA1

          c2a44fab9df00b3e11582546b16612333c2f9286

          SHA256

          2f65fa9c7ed712f493782abf91467f869419a2f8b5adf23b44019c08190fa3f3

          SHA512

          8c883678e4625ef44f4885b8c6d7485196774f9cb0b9eee7dd18711749bcae474163df9965effcd13ecd1a33cd7265010c152f8504d6013e4f4d85d68a901a80

          Download Submit

        • C:\Users\Admin\AppData\Roaming\pOk7A0fqoQ\pE5o8.P1Q
          Filesize

          62KB

          MD5

          34bc92ecf73de24c406aa75802787907

          SHA1

          8e7814d5cb4ecc18688d777a736b5339ff2607af

          SHA256

          7ce426f785c03e90964d0a41c44a1d2bebb9c965eb7d75a770ee7c6579d775ef

          SHA512

          185bed965e3d1747172a0f7136640e1e5f6f29b02b1704bd724f712fb636599309c5d7cb8c7657574cb5d50874e80eb903fafd285d015cbec701846867d6678a

          Download Submit

        • memory/1348-54-0x000007FEFB9E1000-0x000007FEFB9E3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1348-64-0x0000000002300000-0x0000000005300000-memory.dmp

          Filesize

          48.0MB

          Download

        • memory/1348-65-0x0000000002300000-0x0000000005300000-memory.dmp

          Filesize

          48.0MB

          Download

        • memory/1440-82-0x0000000002210000-0x0000000005210000-memory.dmp

          Filesize

          48.0MB

          Download

        • memory/1440-88-0x0000000002210000-0x0000000005210000-memory.dmp

          Filesize

          48.0MB

          Download