Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
05-09-2024 18:11
Static task
static1
Behavioral task
behavioral1
Sample
ORDER-2490407.PDF.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ORDER-2490407.PDF.js
Resource
win10v2004-20240802-en
General
-
Target
ORDER-2490407.PDF.js
-
Size
7KB
-
MD5
4fcc56b7dbee1342e383030ab4be2e4a
-
SHA1
63f5f4aa8bc732b9e678e64003f3760ee04c803e
-
SHA256
743569106872154115ba9aa6c4d354ebacb7cb9db052306416f4e3890b994239
-
SHA512
07ae0d9c24c3857b058f52cc6719196133e50da699b065e96a27b7e7629a37fede86479884ffddce3b5ba4b38aca95ba4f419fe9eb48cc1effc0a33d5a7606ed
-
SSDEEP
192:PgDlcwvjBSx2FHIdPNLSxMISUEcwvjszhczS8McInkjHcZSfAIcLcRSTJcwvjG/i:PB47
Malware Config
Signatures
-
Detect jar appended to MSI 1 IoCs
resource yara_rule behavioral1/files/0x002f0000000173f3-6.dat jar_in_msi -
Blocklisted process makes network request 1 IoCs
flow pid Process 3 1780 wscript.exe -
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1780 wrote to memory of 2808 1780 wscript.exe 29 PID 1780 wrote to memory of 2808 1780 wscript.exe 29 PID 1780 wrote to memory of 2808 1780 wscript.exe 29 PID 2808 wrote to memory of 2624 2808 WScript.exe 30 PID 2808 wrote to memory of 2624 2808 WScript.exe 30 PID 2808 wrote to memory of 2624 2808 WScript.exe 30
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\ORDER-2490407.PDF.js1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:1780 -
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\JLLUMC.js"2⤵
- Suspicious use of WriteProcessMemory
PID:2808 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\VjX.jar"3⤵PID:2624
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
367KB
MD5961caa8b91ecbca3ce8601dc4a515e51
SHA18480098196ccd298f122bbe9cc463954ddc0f241
SHA256320ccbaab0c9d5cd7da65b3323b6e3d3cf36c5010d7f80598861150fa809eceb
SHA512ce591541e0f3ff5d4781dd04c902336ff3b6b416934516c25d11886195d5829bbc13d20e5489811c8995c083b1842f090171e4f6cbf249a64cd1c78f580a72a7
-
Filesize
258KB
MD5e47c15a77ec5efc447b41c23dd4760bc
SHA1ebd7c32dd6ba13a999e2f05552e6e432d9d49035
SHA2565f6f4c0f820e97ca6c40d16d25ca1e24010c4f4e3462f4f79c0de8e886528b2a
SHA512c34daf6940637261e3e596187d9e82c0aecc9f5dc3099126fa8cdc4e8ac596128fc2ce16b829933b802aa0f83e3c916de427f59474636d56ce7bb22f73e0ea35