Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
21-11-2024 12:20
Behavioral task
behavioral1
Sample
MIS_FILE_9888123_RECEIVED_xsls.jar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
MIS_FILE_9888123_RECEIVED_xsls.jar
Resource
win10v2004-20241007-en
General
-
Target
MIS_FILE_9888123_RECEIVED_xsls.jar
-
Size
190KB
-
MD5
1a7a05db5686a51ce39c3b35c111d73f
-
SHA1
c6ba4712046569c3d6601e5d2f85aeecfabef69b
-
SHA256
bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493
-
SHA512
f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9
-
SSDEEP
3072:OrYdkjhtVe7DDgZwqku/GLwlsA54LO/Q+7Jkb5o7/pJhHufYiYlDwVK/ASrx:etVqs+qku/aK4SzWU/ThHuQikDCHSd
Malware Config
Signatures
-
Drops startup file 1 IoCs
Processes:
java.exedescription ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MIS_FILE_9888123_RECEIVED_xsls.jar java.exe -
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
java.exedescription ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\MIS_FILE_9888123_RECEIVED_xsls = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\MIS_FILE_9888123_RECEIVED_xsls.jar\"" java.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MIS_FILE_9888123_RECEIVED_xsls = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\MIS_FILE_9888123_RECEIVED_xsls.jar\"" java.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
java.exedescription pid Process procid_target PID 2764 wrote to memory of 2636 2764 java.exe 31 PID 2764 wrote to memory of 2636 2764 java.exe 31 PID 2764 wrote to memory of 2636 2764 java.exe 31
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\MIS_FILE_9888123_RECEIVED_xsls.jar1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Program Files\Java\jre7\bin\java.exe"C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\MIS_FILE_9888123_RECEIVED_xsls.jar"2⤵PID:2636
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
190KB
MD51a7a05db5686a51ce39c3b35c111d73f
SHA1c6ba4712046569c3d6601e5d2f85aeecfabef69b
SHA256bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493
SHA512f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9