Overview

overview

10

Static

static

1

7dac70b3a1...c1.jar

windows7-x64

3

7dac70b3a1...c1.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-05-2024 08:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1.jar

  • Size

    223KB

  • MD5

    1fd8b149c3c3fb8dd216174ed3c5246f

  • SHA1

    fb6d16773bb961b2e4b66b318ecd5c0129917724

  • SHA256

    7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1

  • SHA512

    4b5a978a2a5bb1cc659d8cdfc0faa98d0fdcc4da7ada7e6160ae04506d880c84918a9c8afc2b356ecaaedf57388a9161e17a930747c8779b6e2c14a7a04a5118

  • SSDEEP

    6144:k6mceAFqNjwGhZJHruXCWQnNA26hl2pur50IYAGz1qLUbmi8m:k6mMyt9nMD50IfLUbmi8m

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\wgmvvpydzl.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3028
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ievpftxw.txt"
        3⤵
          PID:2580

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\ievpftxw.txt
      Filesize

      164KB

      MD5

      6f59762675a1043ce3d52145c4fca3b5

      SHA1

      e98851b70a4f1b413599ed7e848d4128d66f7d16

      SHA256

      19a1796f53aed8daf769cb5adc2fdec81bd3cd7b6f5a3a746bd41c97e1eea44c

      SHA512

      067c3d2e9c931cee28c0f5bf63fa0cc3a66b0060b23316aee8320a4383e54bcdd69d97bc7d29423249ff6e711ef7c05f246d689529663c18c00d11bb61742d00

      Download Submit

    • C:\Users\Admin\wgmvvpydzl.js
      Filesize

      362KB

      MD5

      bb50697fe3386d487170c804f149f5d7

      SHA1

      d60bf6416d6274f65a0271c7bfc59f150a2634dc

      SHA256

      66fb7818e20c441594aad7548dddf22c0b6cf48d3205dd6533fa88fd7f0079b8

      SHA512

      0665986405ef38db17d7c6e5b96074cd6764ee2c5af8a3e08a9afb5f68d51f5c79cf0e448c11df3cd4e4b9e67c65cc2f2f8cbe58ff3eda13078a65748d1b5035

      Download Submit

    • memory/2504-2-0x0000000002270000-0x00000000024E0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2504-12-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2504-13-0x0000000002270000-0x00000000024E0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2580-19-0x00000000021D0000-0x0000000002440000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2580-27-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2580-34-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2580-43-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2580-71-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2580-164-0x00000000021D0000-0x0000000002440000-memory.dmp

      Filesize

      2.4MB

      Download