Analysis
max time kernel: 157s
max time network: 36s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 27/03/2023, 13:21
Static task: static1

Behavioral task: behavioral1
Sample: UNILEVER PURCHASE ORDER #076863 for acknowledgement.pdf.jar
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: UNILEVER PURCHASE ORDER #076863 for acknowledgement.pdf.jar
Resource: win10v2004-20230220-en
General
Target: UNILEVER PURCHASE ORDER #076863 for acknowledgement.pdf.jar
Size: 220KB
MD5: b63df0e1517233d0d5d60e5375b774b2
SHA1: 063aedab9fa8b4ef44dd8ca8f08e00496e21546a
SHA256: 0431faeccbeca99b242fe5d8464ad5fcc7a24a853df8424d9c49951911e4fdab
SHA512: 61bbef99c1ae4ffe32a89a0e8e2d586fc26c5fd9932b3a58f97ef99e7f18f968a67a6818f7160b0f74d140e2ca989f6d39845c906b9de8aab44430938afa17ce
SSDEEP: 6144:SZuvXdGeqfj20asN+YfalfNZCDtKJdtoe:YuvtfqfpxNhfQNMIbie
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid     Process     procid_target
PID 1700 wrote to memory of 860    1700    java.exe    29
PID 1700 wrote to memory of 860    1700    java.exe    29
PID 1700 wrote to memory of 860    1700    java.exe    29
Processes
C:\Windows\system32\java.exe
  java -jar "C:\Users\Admin\AppData\Local\Temp\UNILEVER PURCHASE ORDER #076863 for acknowledgement.pdf.jar"
  - Suspicious use of WriteProcessMemory
  PID: 1700
  C:\Program Files\Java\jre7\bin\java.exe
    "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\UNILEVER PURCHASE ORDER #076863 for acknowledgement.pdf.jar"
    PID: 860
Network
MITRE ATT&CK Matrix