Overview

overview

3

Static

static

1

jar-infect...ib.dll

windows7-x64

1

jar-infect...ib.dll

windows10-2004-x64

1

jar-infect...er.exe

windows7-x64

1

jar-infect...er.exe

windows10-2004-x64

jar-infect...config

windows7-x64

3

jar-infect...config

windows10-2004-x64

3

jar-infect...ll.dll

windows7-x64

1

jar-infect...ll.dll

windows10-2004-x64

1

jar-infect...ck.dll

windows7-x64

1

jar-infect...ck.dll

windows10-2004-x64

1

jar-infect...rs.dll

windows7-x64

1

jar-infect...rs.dll

windows10-2004-x64

1

jar-infect...ry.dll

windows7-x64

1

jar-infect...ry.dll

windows10-2004-x64

1

jar-infect...rs.dll

windows7-x64

1

jar-infect...rs.dll

windows10-2004-x64

1

jar-infect...fe.dll

windows7-x64

1

jar-infect...fe.dll

windows10-2004-x64

1

jar-infect...ns.dll

windows7-x64

1

jar-infect...ns.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1199s
  • max time network
    877s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/06/2023, 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jar-infection-scanner/JarInfectionScanner.exe.config

  • Size

    541B

  • MD5

    037326d0ede5d00677cb80c074cdc349

  • SHA1

    7ccf99ccd09a494a8b8ee5e941f6b1592bdebbd5

  • SHA256

    430741f4242a67dd22264a71481ad55a7ecd339da5a8433b8d5a41c63fc4b8ee

  • SHA512

    c269cb06f05eb2c16e48393ff39cc1bc3986f2c4c31e24496db1bf9079b60ee83a10f61c304fd1e649cc3dcdeb0085c3071eabf098b544e3985ffe9ecfe9c329

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\jar-infection-scanner\JarInfectionScanner.exe.config
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\jar-infection-scanner\JarInfectionScanner.exe.config"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of SetWindowsHookEx
      PID:1512

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads