Analysis Overview
SHA256
5482ee474243ec4ce50149fae0706f48d7dc8bb7e89632bfa4d78569c6312fb3
Threat Level: Likely benign
The file ec15235a6a5d1b8bad0f3fbd78840131-sample.zip was found to be: Likely benign.
Malicious Activity Summary
Drops file in Program Files directory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-08-21 19:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-21 19:00
Reported
2023-08-21 19:03
Platform
win10-20230703-en
Max time kernel
127s
Max time network
143s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb | C:\ProgramData\Oracle\Java\javapath\java.exe | N/A |
Processes
C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Invoice no17684.jar"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | repo1.maven.org | udp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.112.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 209.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files