Windows Analysis Report
DWG Material, Standard BS 4360 GR. 40A43A.jar
Overview
General Information
Detection
| Score | Range | Whitelisted | Confidence |
|---|---|---|---|
| 72 | 0 - 100 | false | 100% |
Signatures
Multi AV Scanner detection for submitted file
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Exploit detected, runtime environment starts unknown processes
Uses dynamic DNS services
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Detected TCP or UDP traffic on non-standard ports
Internet Provider seen in connection with other malware
Contains functionality to detect virtual machines (SLDT)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Classification
- System is w10x64
- cmd.exe (PID: 6056 cmdline: C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - 7za.exe (PID: 3232 cmdline: 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
- cmd.exe (PID: 1520 cmdline: "C:\Windows\System32\cmd.exe" /c java.exe -jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar" de >> C:\cmdlinestart.log 2>&1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 5164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - java.exe (PID: 1396 cmdline: java.exe -jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar" de MD5: 28733BA8C383E865338638DF5196E6FE)
  - icacls.exe (PID: 5144 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
  - conhost.exe (PID: 4948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - javaw.exe (PID: 1308 cmdline: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw" -jar "C:\Users\user\AppData\Local\Temp\dropbox2770489606841359802.jar MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
- javaw.exe (PID: 2972 cmdline: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\dropbox2770489606841359802.jar MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
- javaw.exe (PID: 3276 cmdline: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\dropbox2770489606841359802.jar MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
- cleanup
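The process tree is the actionable part of this report: the submitted JAR, run by java.exe, writes a second JAR with a dropbox&lt;digits&gt;.jar name under the user's Temp directory and launches it three times with javaw.exe, while icacls grants Everyone modify rights on C:\ProgramData\Oracle\Java\.oracle_jre_usage. That icacls line is the directory the JRE 8 usage tracker creates for itself on first run, so on its own it is JRE noise rather than attacker activity; the %TEMP% JAR launch is the line worth a detection. The following Python is an added triage example, not part of the sandbox report or of the sample: it re-types the command lines from the tree above as constructed input (quoting normalised) and applies two checks, a JAR launched from the user's Temp directory and an icacls grant to Everyone, downgrading the latter when the target is the known JRE usage directory. The rule names and severities are this example's own.

```python
import re
from collections import Counter

# Constructed input: the processes from the report's tree, as (pid, image, cmdline).
# Quoting around the javaw path is normalised; everything else is as shown above.
PROCESSES = [
    (6056, "cmd.exe", r'C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar"'),
    (3232, "7za.exe", r'7za.exe x -y -oC:\jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar"'),
    (1520, "cmd.exe", r'"C:\Windows\System32\cmd.exe" /c java.exe -jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar" de >> C:\cmdlinestart.log 2>&1'),
    (5164, "conhost.exe", r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1'),
    (1396, "java.exe", r'java.exe -jar "C:\Users\user\Desktop\DWG Material, Standard BS 4360 GR. 40A43A.jar" de'),
    (5144, "icacls.exe", r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'),
    (4948, "conhost.exe", r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1'),
    (1308, "javaw.exe", r'"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\dropbox2770489606841359802.jar"'),
    (2972, "javaw.exe", r'"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\dropbox2770489606841359802.jar"'),
    (3276, "javaw.exe", r'"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\dropbox2770489606841359802.jar"'),
]

# "-jar <path>" with the path either double-quoted or a single bare token.
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Per-user temp directory on Windows; a second-stage JAR started from here is the signal.
TEMP_DIR = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
# icacls ... /grant "everyone":(OI)(CI)M or F: Modify/Full for Everyone, inherited by files and subfolders.
ICACLS_EVERYONE = re.compile(r'/grant\s+"?everyone"?:\(OI\)\(CI\)[MF]', re.IGNORECASE)
# Assumption (JRE behaviour, not something the report states): the Java 8 usage tracker
# creates this directory itself and grants Everyone modify on it, so treat it as noise.
JRE_USAGE_DIR = r'\Oracle\Java\.oracle_jre_usage'


def jar_path(cmdline):
    """Return the JAR path passed with -jar, or None if the command has none."""
    m = JAR_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def triage(processes):
    """Apply the two checks; returns (pid, rule, severity, detail) tuples."""
    findings = []
    for pid, image, cmd in processes:
        img = image.lower()
        if img in ("java.exe", "javaw.exe"):
            path = jar_path(cmd)
            if path and TEMP_DIR.search(path):
                findings.append((pid, "jar_from_temp", "high", path))
        elif img == "icacls.exe" and ICACLS_EVERYONE.search(cmd):
            sev = "info" if JRE_USAGE_DIR.lower() in cmd.lower() else "medium"
            findings.append((pid, "icacls_everyone_modify", sev, cmd))
    return findings


def dropped_jars(findings):
    """Distinct JAR paths that were launched from the temp directory (the drop to collect)."""
    return sorted({detail for _, rule, _, detail in findings if rule == "jar_from_temp"})


def summary(findings):
    """Count findings per (rule, severity) for a quick verdict line."""
    return Counter((rule, sev) for _, rule, sev, _ in findings)


if __name__ == "__main__":
    hits = triage(PROCESSES)
    for hit in hits:
        print(hit)
    print("dropped:", dropped_jars(hits))
    print(dict(summary(hits)))
```

On the report's tree this flags the three javaw.exe launches (PIDs 1308, 2972, 3276) as high and the icacls call as info, and yields one dropped-file path to pull from the sandbox for a second-stage analysis. The same two regexes translate directly into an EDR query on process command lines.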
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
Snort IDS alerts

| Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype |
|---|---|---|---|---|---|---|---|
| 09/20/22-03:43:09.235557 | 2811175 | 194.5.98.141 | 5445 | 192.168.2.3 | 49714 | TCP | A Network Trojan was detected |
| 09/20/22-03:43:09.236098 | 2811176 | 192.168.2.3 | 49716 | 194.5.98.141 | 5445 | TCP | A Network Trojan was detected |
| 09/20/22-03:43:09.236313 | 2811176 | 192.168.2.3 | 49714 | 194.5.98.141 | 5445 | TCP | A Network Trojan was detected |
| 09/20/22-03:43:09.235529 | 2811175 | 194.5.98.141 | 5445 | 192.168.2.3 | 49716 | TCP | A Network Trojan was detected |
| 09/20/22-03:43:09.235958 | 2811176 | 192.168.2.3 | 49710 | 194.5.98.141 | 5445 | TCP | A Network Trojan was detected |
| 09/20/22-03:43:09.235489 | 2811175 | 194.5.98.141 | 5445 | 192.168.2.3 | 49710 | TCP | A Network Trojan was detected |
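The six alerts are three TCP connections from the sandbox client 192.168.2.3 (source ports 49710, 49714 and 49716) to 194.5.98.141:5445, each raising SID 2811176 on the outbound side and SID 2811175 on the reply; the two SIDs sit in the 28xxxxx range Emerging Threats uses for its ET Pro ruleset, and the rule messages are not reproduced on this page. The Python below is an added example, not from the report: it re-types the alert tuples from the table as constructed input and collapses per-direction alerts into flows, using the ipaddress module to decide which side is the local sandbox host, so that the remote endpoint to block or hunt for falls out as a single row. The function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed input: the six alerts from the table above as
# (timestamp, sid, src_ip, src_port, dst_ip, dst_port, proto).
ALERTS = [
    ("09/20/22-03:43:09.235557", 2811175, "194.5.98.141", 5445, "192.168.2.3", 49714, "TCP"),
    ("09/20/22-03:43:09.236098", 2811176, "192.168.2.3", 49716, "194.5.98.141", 5445, "TCP"),
    ("09/20/22-03:43:09.236313", 2811176, "192.168.2.3", 49714, "194.5.98.141", 5445, "TCP"),
    ("09/20/22-03:43:09.235529", 2811175, "194.5.98.141", 5445, "192.168.2.3", 49716, "TCP"),
    ("09/20/22-03:43:09.235958", 2811176, "192.168.2.3", 49710, "194.5.98.141", 5445, "TCP"),
    ("09/20/22-03:43:09.235489", 2811175, "194.5.98.141", 5445, "192.168.2.3", 49710, "TCP"),
]


def flow_key(alert):
    """Normalise an alert to (client_ip, client_port, server_ip, server_port, proto)
    plus its direction. The RFC 1918 side is taken to be the sandbox client."""
    ts, sid, src, sport, dst, dport, proto = alert
    if ipaddress.ip_address(src).is_private:
        return (src, sport, dst, dport, proto), "outbound"
    return (dst, dport, src, sport, proto), "inbound"


def group_flows(alerts):
    """Group alerts by flow; each flow records the SIDs seen per direction and its first timestamp."""
    flows = defaultdict(lambda: {"inbound": set(), "outbound": set(), "first": None})
    for alert in alerts:
        key, direction = flow_key(alert)
        entry = flows[key]
        entry[direction].add(alert[1])
        # Timestamps share one fixed-width format, so string order is time order here.
        if entry["first"] is None or alert[0] < entry["first"]:
            entry["first"] = alert[0]
    return dict(flows)


def remote_endpoints(flows):
    """Distinct (server_ip, server_port, proto) the client talked to: the blocklist rows."""
    return sorted({(k[2], k[3], k[4]) for k in flows})


def bidirectional(flows):
    """Flows with alerts in both directions, i.e. the server answered (live C2, not a probe)."""
    return {k for k, v in flows.items() if v["inbound"] and v["outbound"]}


if __name__ == "__main__":
    flows = group_flows(ALERTS)
    for key, info in sorted(flows.items()):
        print(key, "in:", sorted(info["inbound"]), "out:", sorted(info["outbound"]), "first:", info["first"])
    print("remote endpoints:", remote_endpoints(flows))
    print("answered flows:", len(bidirectional(flows)))
```

Run against the report's alerts this yields one remote endpoint, 194.5.98.141:5445/TCP, with all three client connections answered, which matches the report's own signatures for non-standard ports and an IP address already seen with other malware. In a real sensor export the "local side is private" heuristic needs replacing with the monitored prefix list.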
AV Detection
- Source: ReversingLabs
- Source: Virustotal
- Source: Virustotal
- Source: File opened

Software Vulnerabilities
- Source: Process created

Networking
- Source: Snort IDS (the six alerts listed above)
- Source: DNS query
- Source: TCP traffic
- Source: ASN Name
- Source: IP Address
- Source: IP Address
- Source: HTTP traffic detected