Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
22-08-2024 10:08
Behavioral task
behavioral1
Sample
7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad.jar
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad.jar
Resource
win10v2004-20240802-en
General
-
Target
7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad.jar
-
Size
124KB
-
MD5
9b6b8d9e9c4a78a56dd7f3ff3910d123
-
SHA1
063bc159f1a611329e1713b4dd464589311f4ac4
-
SHA256
7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad
-
SHA512
4a0980b766efb187a4869685bb986f20111268282f80da1c287cbbadb50e6eaba8d2ce46733e627530826d367a13d5351f08eabe48830445925ddbd3be189026
-
SSDEEP
3072:DqZlIC+q92TZzGmr3EyyF5cRAzDLmiLqnp8559FX:exT2ZDDExDLFenG3FX
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
java.exewscript.exedescription pid Process procid_target PID 2796 wrote to memory of 3028 2796 java.exe 30 PID 2796 wrote to memory of 3028 2796 java.exe 30 PID 2796 wrote to memory of 3028 2796 java.exe 30 PID 3028 wrote to memory of 2636 3028 wscript.exe 31 PID 3028 wrote to memory of 2636 3028 wscript.exe 31 PID 3028 wrote to memory of 2636 3028 wscript.exe 31
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad.jar1⤵
- Suspicious use of WriteProcessMemory
PID:2796 -
C:\Windows\system32\wscript.exewscript C:\Users\Admin\kwtjfxitjs.js2⤵
- Suspicious use of WriteProcessMemory
PID:3028 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\jmjkuyg.txt"3⤵PID:2636
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD540324e4190ca694d65c17b8142490c1e
SHA114f8a7fbd6580cc1146a04af95c37b6772bb5215
SHA256943a982c65ebf476f6f454a95e4f8105f6c89d3e90d638113f718a208aa51db0
SHA512885107f66e0441f1d14ae4f193bcacea831f46872ec74501d82f29af7e51731714acf8a63fce72dac557c20c6cd15d1e77734e3fa443bc28dd3cda5aca22f5b7
-
Filesize
211KB
MD502f54cae55ac59791732da5e9dc0bc02
SHA13471c8048595da2b21de90a073254604baa71f3a
SHA25684d3131757d898906d44ed9e775526caeae6b0ffc53817101afbcec81119ecb6
SHA512f16c90ef8952daee6050df14ae372a3021e85045cd8e9fddcabd5699031d1b478577532ba20172c8f8c9d80287c69d056af93a442e20a8f842ec5b3a630bdc67