cd0efb507debe4ce7d2e881ad977bb030dea0ee3bcf1d9d59552543a143bd60a

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar
Size

190KB
MD5

1a7a05db5686a51ce39c3b35c111d73f
SHA1

c6ba4712046569c3d6601e5d2f85aeecfabef69b
SHA256

bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493
SHA512

f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9
SSDEEP

3072:OrYdkjhtVe7DDgZwqku/GLwlsA54LO/Q+7Jkb5o7/pJhHufYiYlDwVK/ASrx:etVqs+qku/aK4SzWU/ThHuQikDCHSd

Score

7^/10

persistence

Malware Config

Signatures

Drops startup file 1 IoCs

Processes:

java.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar	java.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

java.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar\""	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar\""	java.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

java.exe

description	pid	process	target process
PID 2600 wrote to memory of 2948	2600	java.exe	java.exe
PID 2600 wrote to memory of 2948	2600	java.exe	java.exe
PID 2600 wrote to memory of 2948	2600	java.exe	java.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar
1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Java\jre7\bin\java.exe
  "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar"
  2⤵
  PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar

Filesize
190KB

MD5
1a7a05db5686a51ce39c3b35c111d73f

SHA1
c6ba4712046569c3d6601e5d2f85aeecfabef69b

SHA256
bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493

SHA512
f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9

Download Submit
memory/2600-2-0x0000000002250000-0x00000000024C0000-memory.dmp

Filesize
2.4MB

Download
memory/2600-10-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2600-21-0x0000000002250000-0x00000000024C0000-memory.dmp

Filesize
2.4MB

Download
memory/2948-22-0x00000000022C0000-0x0000000002530000-memory.dmp

Filesize
2.4MB

Download
memory/2948-30-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2948-32-0x00000000022C0000-0x0000000002530000-memory.dmp

Filesize
2.4MB

Download