Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
24-09-2024 01:48
Behavioral task
behavioral1
Sample
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2.jar
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2.jar
Resource
win10v2004-20240802-en
General
-
Target
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2.jar
-
Size
282KB
-
MD5
085b0d7b2ab0862abe65c54e50e25415
-
SHA1
c7c215b0a6fb35394ac65ecf2179a8cba70b0164
-
SHA256
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2
-
SHA512
b23377f973c5c576f04305613d98cfb1a0053ae7239acfe7f6e1a6b7554cf231fbe46caa18db4787e6d59798148e904599d5d2f60863e25d9b1a474ad88f801f
-
SSDEEP
6144:dBG0lV3jUa3QKplCNuVpfgtSUjH2y5Mobu/uHYNUSG:1lV34sQKpl7VVgB2OM1W4N5G
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
java.exewscript.exedescription pid Process procid_target PID 2116 wrote to memory of 2572 2116 java.exe 31 PID 2116 wrote to memory of 2572 2116 java.exe 31 PID 2116 wrote to memory of 2572 2116 java.exe 31 PID 2572 wrote to memory of 2056 2572 wscript.exe 32 PID 2572 wrote to memory of 2056 2572 wscript.exe 32 PID 2572 wrote to memory of 2056 2572 wscript.exe 32
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2.jar1⤵
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Windows\system32\wscript.exewscript C:\Users\Admin\egtqrikcxw.js2⤵
- Suspicious use of WriteProcessMemory
PID:2572 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\phszupyysq.txt"3⤵PID:2056
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
209KB
MD5b16ad4531fc12940513b015cbde0ab38
SHA1d88885c20e35467e6b10047cd5c5d5f5f4ab6066
SHA25674a0607b4c9ad73daaf0678a4e0ee4cdf83a39b0f6e955723a92e987ec23c476
SHA5123d7995c8561f660077d585f19c78bb55a66f89eaea360fb6447a78b94983a01746aefdcec66e15befe2e7747954f47259a9b9297c2d51ac820f51790d3503612
-
Filesize
454KB
MD525d23e8cda95e40f2cb3f722dc55961e
SHA1ebf80506c40e3423fb6584fe149637cda5c335b9
SHA25606c27aff5c171b83a7f3e9d2866f1e0101b0ad0cef61bfb9c557e414d182295c
SHA512790f2435de0dd8a2e07c4dd653a13c8837873d65bb30337335cef08852cf748ce173e0fea442277bfb85998d6501e34e66e9d5d38e8ecddc55852444ee6feb5a