Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 21-11-2024 10:14
Behavioral task: behavioral1
Sample: Listing_error_15_code_file-002.jar
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Listing_error_15_code_file-002.jar
Resource: win10v2004-20241007-en
General
Target: Listing_error_15_code_file-002.jar
Size: 190KB
MD5: 1a7a05db5686a51ce39c3b35c111d73f
SHA1: c6ba4712046569c3d6601e5d2f85aeecfabef69b
SHA256: bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493
SHA512: f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9
SSDEEP: 3072:OrYdkjhtVe7DDgZwqku/GLwlsA54LO/Q+7Jkb5o7/pJhHufYiYlDwVK/ASrx:etVqs+qku/aK4SzWU/ThHuQikDCHSd
Malware Config
Signatures
Drops startup file (1 IoCs)
Processes: java.exe
  description: File created
  ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Listing_error_15_code_file-002.jar
  Process: java.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: java.exe
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\Listing_error_15_code_file-002 = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Listing_error_15_code_file-002.jar\""
  Process: java.exe
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Listing_error_15_code_file-002 = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Listing_error_15_code_file-002.jar\""
  Process: java.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: java.exe
  description: PID 2412 wrote to memory of 2768; pid: 2412; Process: java.exe; procid_target: 32
  description: PID 2412 wrote to memory of 2768; pid: 2412; Process: java.exe; procid_target: 32
  description: PID 2412 wrote to memory of 2768; pid: 2412; Process: java.exe; procid_target: 32
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Listing_error_15_code_file-002.jar
  - Drops startup file
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID: 2412
  C:\Program Files\Java\jre7\bin\java.exe
  "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Listing_error_15_code_file-002.jar"
    PID: 2768
Network
MITRE ATT&CK Enterprise v15