Malware Analysis Report

2024-12-07 20:39

Sample ID 230821-xnqkrafd58
Target ec15235a6a5d1b8bad0f3fbd78840131-sample.zip
SHA256 5482ee474243ec4ce50149fae0706f48d7dc8bb7e89632bfa4d78569c6312fb3
Tags
score
4/10

Analysis Overview


Threat Level: Likely benign

The file ec15235a6a5d1b8bad0f3fbd78840131-sample.zip was found to be: Likely benign.

Malicious Activity Summary

Drops file in Program Files directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-08-21 19:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-21 19:00

Reported

2023-08-21 19:03

Platform

win10-20230703-en

Max time kernel

127s

Max time network

143s

Command Line

java -jar "C:\Users\Admin\AppData\Local\Temp\Invoice no17684.jar"

Signatures

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb C:\ProgramData\Oracle\Java\javapath\java.exe N/A

Processes

C:\ProgramData\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\AppData\Local\Temp\Invoice no17684.jar"

Network

Country Destination Domain Proto
US 8.8.8.8:53 repo1.maven.org udp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 8.8.8.8:53 github.com udp
US 140.82.112.3:443 github.com tcp
US 8.8.8.8:53 209.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 3.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 45.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files
