Analysis

  • max time kernel
    123s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-04-2024 18:06

General

  • Target

    HSBCPAYMENTINFORMATION.jar

  • Size

    323KB

  • MD5

    8bc5d958958ecbd730d7dda1944df217

  • SHA1

    ba085c5a31c068fc091e5bcdb1053a3361fcab3a

  • SHA256

    af81551ceb897d30262d1e026c726cca1c557432ef3941517d52ba0c729ee390

  • SHA512

    0e5756f0ad4f4ac9d7b6f58457544c070f10bc4f47f24d0d46180bdf4d29de4d3cdba25030acf9aad4c2fe91bbd06d1696bf5fbd17f6911b74256a947036e374

  • SSDEEP

    6144:ONxOYNczJ2hrMeMS37wnjKqIbYUaQ5EpI11qvzA8E2or7JxDia+cdicoJc9X:0QYczJWYo7weqIbP/5EW11qP4r7JxDy4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\HSBCPAYMENTINFORMATION.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\pdjyzlpvxe.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ysbsvvu.txt"
        3⤵
          PID:2448

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\Roaming\ysbsvvu.txt
      Filesize

      164KB

      MD5

      00e1c2df748956d40fd13287926579ed

      SHA1

      3a92e09d292ccb09d00cefdc356a5c727f70d863

      SHA256

      1a1440b6c0a38795622986389f8b7cf63308a6dbedf739193b4ac1afeb3cb75a

      SHA512

      ce30790fd705cda6e00177290734634ffa3602c7c3071c6220de1dcfa68d80c66254945624354f45668d0d9a3bb7abb8cd6803d0291447ae84d20b8d6f233084

    • C:\Users\Admin\pdjyzlpvxe.js
      Filesize

      1.4MB

      MD5

      7d4ac63022f6f499138fec47655f7db4

      SHA1

      d7494806d991a807240b322db57c21c8f7fe3e4f

      SHA256

      cba0b00fee9d0a7fea607b8ddbb69c8ec199e5c912e5478ef1df19798dea2c54

      SHA512

      7e9888c49d4016eb8e635ab74a37ad68d3e635f2ceb4b4d21d1287338a61035fca264378a2e5c96602b043e1421934e0bd5bce06ca888847f8978a8a5844af3a

    • memory/1240-6-0x00000000025F0000-0x00000000055F0000-memory.dmp
      Filesize

      48.0MB

    • memory/1240-10-0x0000000000440000-0x0000000000441000-memory.dmp
      Filesize

      4KB

    • memory/1240-14-0x0000000000440000-0x0000000000441000-memory.dmp
      Filesize

      4KB

    • memory/2448-28-0x0000000002580000-0x0000000005580000-memory.dmp
      Filesize

      48.0MB

    • memory/2448-27-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

    • memory/2448-29-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

    • memory/2448-40-0x0000000002580000-0x0000000005580000-memory.dmp
      Filesize

      48.0MB