Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
22-11-2024 03:08
Behavioral task
behavioral1
Sample
Internet_bnk_details_neft-issues_jpg.jar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Internet_bnk_details_neft-issues_jpg.jar
Resource
win10v2004-20241007-en
General
-
Target
Internet_bnk_details_neft-issues_jpg.jar
-
Size
190KB
-
MD5
1a7a05db5686a51ce39c3b35c111d73f
-
SHA1
c6ba4712046569c3d6601e5d2f85aeecfabef69b
-
SHA256
bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493
-
SHA512
f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9
-
SSDEEP
3072:OrYdkjhtVe7DDgZwqku/GLwlsA54LO/Q+7Jkb5o7/pJhHufYiYlDwVK/ASrx:etVqs+qku/aK4SzWU/ThHuQikDCHSd
Malware Config
Signatures
-
Drops startup file 1 IoCs
Processes:
java.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet_bnk_details_neft-issues_jpg.jar | java.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
java.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\Internet_bnk_details_neft-issues_jpg = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Internet_bnk_details_neft-issues_jpg.jar\"" | java.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet_bnk_details_neft-issues_jpg = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Internet_bnk_details_neft-issues_jpg.jar\"" | java.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
java.exe
description | pid | process | target process
PID 2872 wrote to memory of 2072 | 2872 | java.exe | java.exe
PID 2872 wrote to memory of 2072 | 2872 | java.exe | java.exe
PID 2872 wrote to memory of 2072 | 2872 | java.exe | java.exe
Processes
-
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Internet_bnk_details_neft-issues_jpg.jar
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Program Files\Java\jre7\bin\java.exe
"C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Internet_bnk_details_neft-issues_jpg.jar"
PID:2072
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Internet_bnk_details_neft-issues_jpg.jar
Filesize: 190KB
MD5: 1a7a05db5686a51ce39c3b35c111d73f
SHA1: c6ba4712046569c3d6601e5d2f85aeecfabef69b
SHA256: bbd5de9d533b350b86e4d9aa54b6545c6e890c4f263ad27433b2c995faf89493
SHA512: f15d3e2f5cd3a10111c87c2f6c1d8d7bf51fab14f9e6c33ffde067a5c7df2d7f81055d0ba331a840a33ba596cb45e782299f626367a928447a08480d41a3a1c9