Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
04/06/2024, 12:41
General
-
Target
DB46ADCFAE462E7C475C171FBE66DF82_paymentadvice.jar
-
Size
128KB
-
MD5
db46adcfae462e7c475c171fbe66df82
-
SHA1
2b43211053d00147b2cb9847843911c771fd3db4
-
SHA256
02d1e6dd2f3eecf809d8cd43b5b49aa76c6f322cf4776d7b190676c5f12d6b45
-
SHA512
25beab216af2dd7ff9fe4db6a7a4b1246ee225ef9ab48af2873bf5076b8b22ba2c75224592e6b34bddfbb8718a754ffd7c63db6167ef1992b04db143c58e377b
-
SSDEEP
3072:VR/6ZQvChcDfJNBOFJKMRXcCqfrCUMBpXOg84WoUeonNTFN:LdvCGJN0FJ1RXcgBpXOjOjSNTFN
Malware Config
Signatures
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Drops file in Windows directory 4 IoCs
-
Modifies registry key 1 TTPs 4 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 21 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\DB46ADCFAE462E7C475C171FBE66DF82_paymentadvice.jar1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v GKXeW0Yke7 /t REG_SZ /d "\"C:\Program Files\Java\jre7\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\9bor9J6cRd\unXX0JIhwW.txt\"" /f2⤵
- Adds Run key to start application
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GKXeW0Yke7 /f2⤵
- Modifies registry key
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Roaming\9bor9J6cRd\*.*"2⤵
- Sets file to hidden
- Drops desktop.ini file(s)
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Roaming\9bor9J6cRd"2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\9bor9J6cRd\unXX0JIhwW.txt"2⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v GKXeW0Yke7 /t REG_SZ /d "\"C:\Program Files\Java\jre7\bin\javaw.exe\" -jar \"C:\Users\Admin\AppData\Roaming\9bor9J6cRd\unXX0JIhwW.txt\"" /f3⤵
- Adds Run key to start application
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GKXeW0Yke7 /f3⤵
- Modifies registry key
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
63B
MD5e783bdd20a976eaeaae1ff4624487420
SHA1c2a44fab9df00b3e11582546b16612333c2f9286
SHA2562f65fa9c7ed712f493782abf91467f869419a2f8b5adf23b44019c08190fa3f3
SHA5128c883678e4625ef44f4885b8c6d7485196774f9cb0b9eee7dd18711749bcae474163df9965effcd13ecd1a33cd7265010c152f8504d6013e4f4d85d68a901a80
-
Filesize
128KB
MD5db46adcfae462e7c475c171fbe66df82
SHA12b43211053d00147b2cb9847843911c771fd3db4
SHA25602d1e6dd2f3eecf809d8cd43b5b49aa76c6f322cf4776d7b190676c5f12d6b45
SHA51225beab216af2dd7ff9fe4db6a7a4b1246ee225ef9ab48af2873bf5076b8b22ba2c75224592e6b34bddfbb8718a754ffd7c63db6167ef1992b04db143c58e377b
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.4MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.4MB
-
Filesize
4KB
-
Filesize
2.4MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.4MB