Overview

overview

10

Static

static

10

nigger.bat.jar

windows7-x64

1

nigger.bat.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nigger.bat.jar

  • Size

    639KB

  • MD5

    535b23591268fa2e1fb35f18972a004e

  • SHA1

    6427e6149da9fe83c4bdb8321edda03a7b4925d4

  • SHA256

    93fd8e9003a1024b8bd3c76509accf410e53a1eeab22d062a0b55f81b42622b3

  • SHA512

    20521279607fad57f65680566dd27a4d7c42c69153582ad768957fac341b9b974674360d631c5bdaa7ade1157ba88b8f93cc7d89506f56e6f38964d6c65dbcef

  • SSDEEP

    12288:CjfJQ5/z7Rwnl4plo98Hg2/rR7+BLpNexBgMd+Rqz3KuY2JgS7vDAY:CjhQ5Jwl4zDHg2l2bex+KLKuVJ77vDAY

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\nigger.bat.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5036
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4008
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp
      2⤵
      • Views/modifies file attributes
      PID:2268
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp" /f"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3288
      • C:\Windows\system32\reg.exe
        REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp" /f
        3⤵
        • Adds Run key to start application
        PID:648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    5193be4ba174872f33d02a41d8615d3e

    SHA1

    38bfb78a7dd795c02bc1d870ea21fa0711410d6e

    SHA256

    efdf682dc55f57f45bfcc3bd3d9ed5a8d88296e1a05220ec9c538a8542c98756

    SHA512

    cdeabdd5a8d62dda401f59d74aab48891f98a508bb9d349b243dc49ee1fe8dd88c1ca446186e38648bb488ce793860a3e4bf01e59246571beff051e5e45ef04e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1713234990527.tmp
    Filesize

    639KB

    MD5

    535b23591268fa2e1fb35f18972a004e

    SHA1

    6427e6149da9fe83c4bdb8321edda03a7b4925d4

    SHA256

    93fd8e9003a1024b8bd3c76509accf410e53a1eeab22d062a0b55f81b42622b3

    SHA512

    20521279607fad57f65680566dd27a4d7c42c69153582ad768957fac341b9b974674360d631c5bdaa7ade1157ba88b8f93cc7d89506f56e6f38964d6c65dbcef

    Download Submit

  • memory/5036-38-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-39-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-17-0x000002142BF40000-0x000002142BF41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5036-23-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-12-0x000002142BF40000-0x000002142BF41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5036-31-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-36-0x000002142BF40000-0x000002142BF41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5036-37-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-4-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-13-0x000002142BF40000-0x000002142BF41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5036-61-0x000002142BF40000-0x000002142BF41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5036-64-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-65-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-66-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-67-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-68-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-71-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/5036-72-0x000002142D710000-0x000002142E710000-memory.dmp

    Filesize

    16.0MB

    Download