Overview

overview

10

Static

static

10

Factura 39.jar

windows7-x64

1

Factura 39.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-03-2024 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Factura 39.jar

  • Size

    209KB

  • MD5

    3333050c3c251d6d86514742a16005e4

  • SHA1

    672122d7cb8b07c939f4bf1415e9c253bd3e41e4

  • SHA256

    67e00d139b6348ec53d26f3cdcc3e958fe76a35ea933199a615e210667a5ade7

  • SHA512

    208d54ece920d384dd8a025c3c70114ec040713c3aa6991f574fa343853d2f098bc8bebc213f35f605c6c3c52d72be1f51d5a48f77ff76a959cffac5d1d78559

  • SSDEEP

    6144:fm98tJ9Hd/A8FSywzy4RrCVws46CumPHVmyKk:fmatjt7Rw/ews46qNKk

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Factura 39.jar"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4240

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    a249d91daba53034a2a19268dc77ea1b

    SHA1

    35699166d8fd823fc36b59915f2fe68938fa7f4d

    SHA256

    2c73404d3ef4dddf0ce1e1a6d73abe8403472e4c5f0c7dd1cab5054ca69f9881

    SHA512

    9bf1fa82cdd59c0d7cef52e24acac3eb3dbbe35cab4b3d89454f3717220435a9055d7f28758a685bce7800e30550b283e59d27377fb74fea54ff3338d68014b5

    Download Submit
  • memory/1252-5-0x00000241DE5F0000-0x00000241DF5F0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1252-17-0x00000241DE5F0000-0x00000241DF5F0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1252-19-0x00000241DE5D0000-0x00000241DE5D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1252-24-0x00000241DE870000-0x00000241DE880000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-25-0x00000241DE880000-0x00000241DE890000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-26-0x00000241DE5F0000-0x00000241DF5F0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1252-27-0x00000241DE8A0000-0x00000241DE8B0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-28-0x00000241DE8B0000-0x00000241DE8C0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-29-0x00000241DE8C0000-0x00000241DE8D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-30-0x00000241DE5F0000-0x00000241DF5F0000-memory.dmp
    Filesize

    16.0MB

    Download