Overview

overview

10

Static

static

1

14bbc47ec1...9d.jar

windows7-x64

3

14bbc47ec1...9d.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 01:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d.jar

  • Size

    220KB

  • MD5

    a9f7ea02e9ac0ae3efbd5564ebbe62e8

  • SHA1

    63719732ad04043d689fc67bcf5fbb9019988e3b

  • SHA256

    14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d

  • SHA512

    0203c538a03435eae9a22e692520684dec6f61e02d0ce9e4b22587cd8dc9e094b10f9db17fe185ab294ee8d99c4733799de575e76b6e8bd43771858a80a28e37

  • SSDEEP

    6144:93VRqxixsnSCgmvS7lUBNo91N78ERZGnHw41d:93VRqxamvSm/o97/RInHh

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\tofwanmkji.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hyeddoyiy.txt"
        3⤵
          PID:2656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\hyeddoyiy.txt
      Filesize

      164KB

      MD5

      7ea89d19a8441cc58b7255dc9fb205fa

      SHA1

      2ae19607a8231bffd72353766f4017eb5492f3e8

      SHA256

      486b68ef93d03c4e486b8ddd9e153391e7debc6839e0c09d38999dd159e30705

      SHA512

      0a76f52939c305b2756fa486222210a4a8c40deff0fc753d11da899baaa84da2fed37ddbd333c6b1dc91ea07a2a1bffcaeb4db08dcbb3db97c925254e6bcbaf4

      Download Submit

    • C:\Users\Admin\tofwanmkji.js
      Filesize

      356KB

      MD5

      c054cdd3740b6ad199513ad8912cfae1

      SHA1

      e50dc619c0162ef17fea90043edcb8cf3e8e3481

      SHA256

      2c14bfb7cce603a785fca04c904d43a1273b9b982747487f8ed855055974b3f3

      SHA512

      54bbee1b771c27bb0ed83fdd94e89fcf552b87bf834c4caa66b14ba61b17517b129918b1b12a369e723629ad4219f7e66bb30804f82652947b9fc1e5f7b5ccbc

      Download Submit

    • memory/2156-2-0x00000000025E0000-0x0000000002850000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2156-12-0x0000000000350000-0x0000000000351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-14-0x00000000025E0000-0x0000000002850000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2656-27-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-19-0x0000000002520000-0x0000000002790000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2656-34-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-43-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-50-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-53-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-86-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-162-0x0000000002520000-0x0000000002790000-memory.dmp

      Filesize

      2.4MB

      Download