7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad.jar
Size

124KB
MD5

9b6b8d9e9c4a78a56dd7f3ff3910d123
SHA1

063bc159f1a611329e1713b4dd464589311f4ac4
SHA256

7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad
SHA512

4a0980b766efb187a4869685bb986f20111268282f80da1c287cbbadb50e6eaba8d2ce46733e627530826d367a13d5351f08eabe48830445925ddbd3be189026
SSDEEP

3072:DqZlIC+q92TZzGmr3EyyF5cRAzDLmiLqnp8559FX:exT2ZDDExDLFenG3FX

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

java.exewscript.exe

description	pid	process	target process
PID 2876 wrote to memory of 2624	2876	java.exe	wscript.exe
PID 2876 wrote to memory of 2624	2876	java.exe	wscript.exe
PID 2876 wrote to memory of 2624	2876	java.exe	wscript.exe
PID 2624 wrote to memory of 2596	2624	wscript.exe	javaw.exe
PID 2624 wrote to memory of 2596	2624	wscript.exe	javaw.exe
PID 2624 wrote to memory of 2596	2624	wscript.exe	javaw.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\kwtjfxitjs.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\kpfuprzu.txt"
    3⤵
    PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\kpfuprzu.txt

Filesize
92KB

MD5
40324e4190ca694d65c17b8142490c1e

SHA1
14f8a7fbd6580cc1146a04af95c37b6772bb5215

SHA256
943a982c65ebf476f6f454a95e4f8105f6c89d3e90d638113f718a208aa51db0

SHA512
885107f66e0441f1d14ae4f193bcacea831f46872ec74501d82f29af7e51731714acf8a63fce72dac557c20c6cd15d1e77734e3fa443bc28dd3cda5aca22f5b7

Download Submit
C:\Users\Admin\kwtjfxitjs.js

Filesize
211KB

MD5
02f54cae55ac59791732da5e9dc0bc02

SHA1
3471c8048595da2b21de90a073254604baa71f3a

SHA256
84d3131757d898906d44ed9e775526caeae6b0ffc53817101afbcec81119ecb6

SHA512
f16c90ef8952daee6050df14ae372a3021e85045cd8e9fddcabd5699031d1b478577532ba20172c8f8c9d80287c69d056af93a442e20a8f842ec5b3a630bdc67

Download Submit
memory/2596-54-0x0000000002490000-0x0000000002700000-memory.dmp

Filesize
2.4MB

Download
memory/2596-59-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-120-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-19-0x0000000002490000-0x0000000002700000-memory.dmp

Filesize
2.4MB

Download
memory/2596-27-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-34-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-41-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-53-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-107-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-56-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-58-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-99-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-60-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-63-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-89-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-91-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-97-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-98-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2876-13-0x00000000026D0000-0x0000000002940000-memory.dmp

Filesize
2.4MB

Download
memory/2876-2-0x00000000026D0000-0x0000000002940000-memory.dmp

Filesize
2.4MB

Download
memory/2876-12-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download