Analysis
max time kernel: 147s
max time network: 151s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09-06-2024 01:53
Behavioral task
behavioral1
Sample
e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
Resource
win7-20240221-en
General
Target: e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
Size: 123KB
MD5: 6a6bcf5dbe9ee0e68969958ca3565122
SHA1: c515cd6309bdff8f1b7b996f0846eae3ea27b768
SHA256: e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae
SHA512: 2dc5021ce4e033a1ae67ec2905b3acb7b237c3a00bebe54b030f461675ceb570e738743348a889ea3400b7d01e6261edb5d835c4759914960ae29cbba98a00a6
SSDEEP: 3072:4+1ksmuRo+BmpH7Rx/inqhzlE0EP5vdRGXVIJeouw:2sHbmpRgnqhzPEP5vbGXiuw
Malware Config
Signatures
- Command and Scripting Interpreter: JavaScript (1 TTPs)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: java.exe, wscript.exe
  description                      | pid  | Process     | procid_target
  PID 2756 wrote to memory of 3016 | 2756 | java.exe    | 29
  PID 2756 wrote to memory of 3016 | 2756 | java.exe    | 29
  PID 2756 wrote to memory of 3016 | 2756 | java.exe    | 29
  PID 3016 wrote to memory of 2568 | 3016 | wscript.exe | 30
  PID 3016 wrote to memory of 2568 | 3016 | wscript.exe | 30
  PID 3016 wrote to memory of 2568 | 3016 | wscript.exe | 30
Processes
1. C:\Windows\system32\java.exe (PID 2756)
   Command line: java -jar C:\Users\Admin\AppData\Local\Temp\e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\wscript.exe (PID 3016, child of 2756)
      Command line: wscript C:\Users\Admin\pzsjuirnnn.js
      Signatures: Suspicious use of WriteProcessMemory
      3. C:\Program Files\Java\jre7\bin\javaw.exe (PID 2568, child of 3016)
         Command line: "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\rgnsqjkts.txt"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 92KB
  MD5: 40324e4190ca694d65c17b8142490c1e
  SHA1: 14f8a7fbd6580cc1146a04af95c37b6772bb5215
  SHA256: 943a982c65ebf476f6f454a95e4f8105f6c89d3e90d638113f718a208aa51db0
  SHA512: 885107f66e0441f1d14ae4f193bcacea831f46872ec74501d82f29af7e51731714acf8a63fce72dac557c20c6cd15d1e77734e3fa443bc28dd3cda5aca22f5b7
- Filesize: 204KB
  MD5: df07d5680a1bcd9a5af8a5a1b6b52598
  SHA1: b070b44d630ae454c34419e65d38850ee2ca6bfb
  SHA256: 1d10f4534674ce86f17ec22da471f3d472da1f6a15348238e4e289f0e0e4c0e0
  SHA512: e1f742db062e02773a9cde941607b512bc97ac68f09bb2e249492303f28011116bcfab10c84f596cef45c7fd39da01f2715ba3ea6f8f429c984ac896ed821ee6