e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae

Resubmissions

21-06-2024 17:49

240621-wea82ayeph 10

09-06-2024 09:22

240609-lb4fasgf3w 10

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-06-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
Size

123KB
MD5

6a6bcf5dbe9ee0e68969958ca3565122
SHA1

c515cd6309bdff8f1b7b996f0846eae3ea27b768
SHA256

e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae
SHA512

2dc5021ce4e033a1ae67ec2905b3acb7b237c3a00bebe54b030f461675ceb570e738743348a889ea3400b7d01e6261edb5d835c4759914960ae29cbba98a00a6
SSDEEP

3072:4+1ksmuRo+BmpH7Rx/inqhzlE0EP5vdRGXVIJeouw:2sHbmpRgnqhzPEP5vbGXiuw

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

java.exewscript.exe

description	pid	process	target process
PID 1504 wrote to memory of 404	1504	java.exe	wscript.exe
PID 1504 wrote to memory of 404	1504	java.exe	wscript.exe
PID 1504 wrote to memory of 404	1504	java.exe	wscript.exe
PID 404 wrote to memory of 2624	404	wscript.exe	javaw.exe
PID 404 wrote to memory of 2624	404	wscript.exe	javaw.exe
PID 404 wrote to memory of 2624	404	wscript.exe	javaw.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1504

C:\Windows\system32\wscript.exe
wscript C:\Users\Admin\pzsjuirnnn.js
2⤵
- Suspicious use of WriteProcessMemory
PID:404

C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ufacnqibo.txt"
3⤵
PID:2624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ufacnqibo.txt
Filesize
92KB

MD5
40324e4190ca694d65c17b8142490c1e

SHA1
14f8a7fbd6580cc1146a04af95c37b6772bb5215

SHA256
943a982c65ebf476f6f454a95e4f8105f6c89d3e90d638113f718a208aa51db0

SHA512
885107f66e0441f1d14ae4f193bcacea831f46872ec74501d82f29af7e51731714acf8a63fce72dac557c20c6cd15d1e77734e3fa443bc28dd3cda5aca22f5b7

Download Submit
C:\Users\Admin\pzsjuirnnn.js
Filesize
204KB

MD5
df07d5680a1bcd9a5af8a5a1b6b52598

SHA1
b070b44d630ae454c34419e65d38850ee2ca6bfb

SHA256
1d10f4534674ce86f17ec22da471f3d472da1f6a15348238e4e289f0e0e4c0e0

SHA512
e1f742db062e02773a9cde941607b512bc97ac68f09bb2e249492303f28011116bcfab10c84f596cef45c7fd39da01f2715ba3ea6f8f429c984ac896ed821ee6

Download Submit
memory/1504-2-0x0000000002660000-0x00000000028D0000-memory.dmp

Filesize
2.4MB

Download
memory/1504-12-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1504-13-0x0000000002660000-0x00000000028D0000-memory.dmp

Filesize
2.4MB

Download
memory/2624-44-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-56-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-34-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-19-0x00000000023A0000-0x0000000002610000-memory.dmp

Filesize
2.4MB

Download
memory/2624-49-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-52-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-54-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-27-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-90-0x00000000023A0000-0x0000000002610000-memory.dmp

Filesize
2.4MB

Download
memory/2624-92-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-98-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-99-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-102-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2624-106-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download