Overview

overview

10

Static

static

10

Prosba-o-oferte.jar

windows7-x64

10

Prosba-o-oferte.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-03-2024 08:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Prosba-o-oferte.jar

  • Size

    41KB

  • MD5

    b225f83a537673f3053e63db84a30662

  • SHA1

    55ea9f056d46bdd03a78df3e885565ec845a31c1

  • SHA256

    7c79a4eed33e40230de0b79cef9fc5425916aea40ae610b234720f609f50b764

  • SHA512

    f5453270287724b2b2e576feb9745c35dfb3069029b0d28a69e9415e6b40f55bf7e91cff0f42217c6024d7d0e8e8d20dc47cfa9d08c4182a2406c13378aef523

  • SSDEEP

    768:3/AKKv6LboyiFV9jKJ6K71Ifu+Lh+FP+6I3zY103e0NhyDEj:YJvIaV9LqCush+FPKs10ufDE

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Prosba-o-oferte.jar
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2884
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2712
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Windows\system32\NETSTAT.EXE
      netstat -ano -p tcp
      2⤵
      • Gathers network information
      • Suspicious use of AdjustPrivilegeToken
      PID:4784

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    89164fe82f72e3fd265b40e4b570f2fd

    SHA1

    76c8026c7a42f689d816fb23933ad162fd32c20f

    SHA256

    559b5a0d9a5f5ebdbc837fdee7bb172b8b928d5f5529076c9bdcc9e0441cebd2

    SHA512

    8811daec0f661d0e74cfb9e3004355675617749397790303c6c1afe82fc927768f0158688029b74c2da72ea9de89e3e275ef1416cfff5d8c31213d5438cdc874

    Download Submit
  • memory/2712-28-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-22-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-33-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-32-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-27-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-23-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-31-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-21-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-30-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2712-29-0x00000175312C0000-0x00000175312C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3892-20-0x0000020EBA3C0000-0x0000020EBA3D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3892-4-0x0000020EBA130000-0x0000020EBB130000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/3892-12-0x0000020EB8910000-0x0000020EB8911000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3892-19-0x0000020EBA3B0000-0x0000020EBA3C0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3892-17-0x0000020EBA130000-0x0000020EBB130000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/3892-34-0x0000020EBA130000-0x0000020EBB130000-memory.dmp
    Filesize

    16.0MB

    Download