Overview

overview

10

Static

static

10

invoice58499.jar

windows7-x64

1

invoice58499.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    invoice58499.jar

  • Size

    209KB

  • MD5

    1f1f27ded1ea733d6be70e13bb1ecd60

  • SHA1

    d03405a17b31e3f58ab90d4cb1ee08f9ba0cf131

  • SHA256

    cd95317ffcd0cf91eb2ce9fa6a0d062a9a1dab9fd278654b85172445873e5fcb

  • SHA512

    e8f50c947fb25b286185bbeda4ba70b2efbb545584e8f7ab018752f7dec84b1ea3aa13f052620b8e7f2d635d4e480cd3657af71cc29c524512b4cd35879a88c4

  • SSDEEP

    3072:jVhrFK2o50lj/H9OtNodDZawwcSHpHA1QNPmnztEHb7yR7MBprhF19AyGZV4etuc:jp7jx1fwcCg1QNPmzmKdMBnF/c42

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\invoice58499.jar
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3268
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1800

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    791827b9e1cf5f38de09d3f53ddd6215

    SHA1

    dfe51bac267bace45eb0557e692a3339755ebd29

    SHA256

    2f12b1978fdcbf519ceefda713ddf01a5115eb85124902535e2dbf816467f18f

    SHA512

    970c1b3fc35af413c1437cc09abc407eb553c1a05e14cd44e664ee8bf517dd522d78202827f43f4df4cbc3a91ea513ee8cef6d142fb90a256de11eec955f8107

    Download Submit
  • memory/3268-4-0x000001DD902C0000-0x000001DD912C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/3268-12-0x000001DD8E9F0000-0x000001DD8E9F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3268-17-0x000001DD902C0000-0x000001DD912C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/3268-19-0x000001DD90540000-0x000001DD90550000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3268-20-0x000001DD90550000-0x000001DD90560000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3268-21-0x000001DD902C0000-0x000001DD912C0000-memory.dmp
    Filesize

    16.0MB

    Download