Resubmissions
23/03/2025, 13:10
250323-qerywsvpv3 1023/03/2025, 13:09
250323-qd156s1xdv 1023/03/2025, 13:03
250323-qanqns1wav 1023/03/2025, 12:58
250323-p7zzjavly4 10Analysis
-
max time kernel
447s -
max time network
448s -
platform
windows11-21h2_x64 -
resource
win11-20250314-en -
resource tags
arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system -
submitted
23/03/2025, 13:10
Behavioral task
behavioral1
Sample
jarvis (1).jar
Resource
win11-20250314-en
General
-
Target
jarvis (1).jar
-
Size
639KB
-
MD5
375e0c326a3c26135513d18352145eb2
-
SHA1
44bbe6193f58750ef95812c43f162f14d0c2b068
-
SHA256
06294c11050e9e6aace9189e846ea9efb5540f5f709a8d25020d2c000de10630
-
SHA512
6e2e763bde862021e30f70a8108f768df7ca6a206b6fd8ace2c31235e506e1012e9df944361bce360186ffebb8236f98fe7f579d30ace29002c2b5409de28ce6
-
SSDEEP
12288:tL1WQ0/M2IDGL4nywW9fgY/9Rf+p8GN21NgYdSROn3qu02lISjDD0n:tLcQQYDW4ybfgYnip21SGnquplTjDD0n
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 42 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 4348 wmic.exe Token: SeSecurityPrivilege 4348 wmic.exe Token: SeTakeOwnershipPrivilege 4348 wmic.exe Token: SeLoadDriverPrivilege 4348 wmic.exe Token: SeSystemProfilePrivilege 4348 wmic.exe Token: SeSystemtimePrivilege 4348 wmic.exe Token: SeProfSingleProcessPrivilege 4348 wmic.exe Token: SeIncBasePriorityPrivilege 4348 wmic.exe Token: SeCreatePagefilePrivilege 4348 wmic.exe Token: SeBackupPrivilege 4348 wmic.exe Token: SeRestorePrivilege 4348 wmic.exe Token: SeShutdownPrivilege 4348 wmic.exe Token: SeDebugPrivilege 4348 wmic.exe Token: SeSystemEnvironmentPrivilege 4348 wmic.exe Token: SeRemoteShutdownPrivilege 4348 wmic.exe Token: SeUndockPrivilege 4348 wmic.exe Token: SeManageVolumePrivilege 4348 wmic.exe Token: 33 4348 wmic.exe Token: 34 4348 wmic.exe Token: 35 4348 wmic.exe Token: 36 4348 wmic.exe Token: SeIncreaseQuotaPrivilege 4348 wmic.exe Token: SeSecurityPrivilege 4348 wmic.exe Token: SeTakeOwnershipPrivilege 4348 wmic.exe Token: SeLoadDriverPrivilege 4348 wmic.exe Token: SeSystemProfilePrivilege 4348 wmic.exe Token: SeSystemtimePrivilege 4348 wmic.exe Token: SeProfSingleProcessPrivilege 4348 wmic.exe Token: SeIncBasePriorityPrivilege 4348 wmic.exe Token: SeCreatePagefilePrivilege 4348 wmic.exe Token: SeBackupPrivilege 4348 wmic.exe Token: SeRestorePrivilege 4348 wmic.exe Token: SeShutdownPrivilege 4348 wmic.exe Token: SeDebugPrivilege 4348 wmic.exe Token: SeSystemEnvironmentPrivilege 4348 wmic.exe Token: SeRemoteShutdownPrivilege 4348 wmic.exe Token: SeUndockPrivilege 4348 wmic.exe Token: SeManageVolumePrivilege 4348 wmic.exe Token: 33 4348 wmic.exe Token: 34 4348 wmic.exe Token: 35 4348 wmic.exe Token: 36 4348 wmic.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2364 java.exe 2364 java.exe 2364 java.exe 2364 java.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 2364 wrote to memory of 4348 2364 java.exe 80 PID 2364 wrote to memory of 4348 2364 java.exe 80
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar "C:\Users\Admin\AppData\Local\Temp\jarvis (1).jar"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364 -
C:\Windows\System32\Wbem\wmic.exewmic PROCESS GET Name,ProcessId,ExecutablePath /FORMAT:csv2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4348
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
285B
MD5ef476c8b505e76493f9b4becca60798d
SHA1a9794161a879103f8ddf30b345a5df46afe8f9a3
SHA2562819260b9546b0a8a7f52ecd59dca0f99cd991b320f1f6dd6895e0e69de1b540
SHA512df99caf108854111920e2482bfc24f3e23b9e1070c1e6b2ce4826d63e480d79435d98cf9baa4069560926e4c1f07e62d26fb61c4a5867eef24a33d9f98b6daf3