Overview

overview

10

Static

static

10

New order ...15.jar

windows7-x64

1

New order ...15.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New order PI 24E8015.jar

  • Size

    182KB

  • MD5

    6931358f3fc8605f88a913672cd3bb2f

  • SHA1

    05058b97361814763d3921808b3058cb7347f1aa

  • SHA256

    2c3c7bb834448fb264ee307b45877b28eacfb51c97c1733fb0f5f12e172a2d66

  • SHA512

    27f2d7d3bdc89292e364a301f5a4263fa4c36588418333c16f6ce0812b038f71300c7242c489e502a9e17d08943aa7b602535944459e4624ad2595c035188e10

  • SSDEEP

    3072:WLiKdwQJ6IIGhKxO9SNr36eE6HaZZhWS26j5I1pemu4Gnxs5z7Up:8lwZPOKxO9wsM69z3Pnxyfg

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\New order PI 24E8015.jar"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2524

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    34daf95a82e115b5546a2ae32af05cbb

    SHA1

    38e531c21c17f86e3b7391d54c10509d8eabd042

    SHA256

    128512b9551dd4b9cf31ac0cbfd92d6bf7c1f40ae284e64ea12707d4e45997ed

    SHA512

    5a3e897f0b9587d0c94c4b62cf0a944bac11d0deadf04b25d7f9fe644de2dc7a7cf3c1ea6d57ef1bd31f8aed36641a3ea8f422a488158171d8a50c7b5af36976

    Download Submit
  • memory/1952-39-0x00000273A03C0000-0x00000273A03D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-37-0x00000273A03A0000-0x00000273A03B0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-18-0x00000273A0110000-0x00000273A1110000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1952-29-0x000002739E920000-0x000002739E921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1952-38-0x00000273A0400000-0x00000273A0410000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-36-0x00000273A0390000-0x00000273A03A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-12-0x000002739E920000-0x000002739E921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1952-4-0x00000273A0110000-0x00000273A1110000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1952-31-0x00000273A0110000-0x00000273A1110000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1952-40-0x00000273A03D0000-0x00000273A03E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-41-0x00000273A03E0000-0x00000273A03F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-42-0x00000273A03F0000-0x00000273A0400000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-43-0x00000273A0410000-0x00000273A0420000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-44-0x00000273A0430000-0x00000273A0440000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1952-45-0x00000273A0110000-0x00000273A1110000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1952-46-0x00000273A0110000-0x00000273A1110000-memory.dmp
    Filesize

    16.0MB

    Download