Windows
Analysis Report
Mtcn_3259356251.jar
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- 7za.exe (PID: 5564, cmdline: 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\Mtcn_3259356251.jar", MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
  - conhost.exe (PID: 6496, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)

The 7za.exe process is the sandbox's own step that unpacks the JAR into C:\jar (7zip 23.01 is part of the analysis image); the dropped-file entries further down are the archive members it wrote, not files the sample created. No Java process appears in the captured tree, and the cookbook comments below note that not all processes were analysed.
Yara matches (Source column not captured in this extract)

Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_BranchlockObfuscator | Yara detected Branchlock Obfuscator | Joe Security |

Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_BranchlockObfuscator | Yara detected Branchlock Obfuscator | Joe Security |
 | JoeSecurity_BranchlockObfuscator | Yara detected Branchlock Obfuscator | Joe Security |
 | JoeSecurity_BranchlockObfuscator | Yara detected Branchlock Obfuscator | Joe Security |
 | JoeSecurity_BranchlockObfuscator | Yara detected Branchlock Obfuscator | Joe Security |
 | JoeSecurity_BranchlockObfuscator | Yara detected Branchlock Obfuscator | Joe Security |

A third Yara table with 1 further entry was collapsed in the capture and is not reproduced here.
Signature overview (detail columns were not captured in this extract; counts are the number of rows the report listed)

AV Detection
- ReversingLabs (2 entries)

Other behaviour signatures
- Classification label
- Mutant created
- Key opened
- Process created (2 entries)
- Section loaded

Data Obfuscation
- File source (7 entries)
MITRE ATT&CK techniques triggered (count in parentheses; untriggered matrix cells omitted)

Tactic | Technique
---|---
Persistence | DLL Side-Loading (1)
Privilege Escalation | Process Injection (1); DLL Side-Loading (1)
Defense Evasion | Process Injection (1); DLL Side-Loading (1)
Discovery | System Information Discovery (1)
Source | Detection | Scanner | Label | Link
---|---|---|---|---
 | 24% | ReversingLabs | ByteCode-JAVA.Trojan.Generic |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524314 |
Start date and time: | 2024-10-02 17:15:50 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Sample name: | Mtcn_3259356251.jar |
Detection: | MAL |
Classification: | mal56.evad.winJAR@2/6@0/0 |
Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analysed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- VT rate limit hit for: Mtcn_3259356251.jar
Dropped files: 13 entries, all written by C:\Windows\System32\7za.exe (the cookbook's extraction of the JAR into C:\jar, see the process tree above). Every entry has Category dropped, Encrypted false, Malicious false, Reputation unknown; file names, file types, SSDEEP and previews were not captured.

Caveat: seven rows report Size 0 and Entropy 0.0 while carrying hashes that are not those of the empty file (empty-file MD5 is D41D8CD98F00B204E9800998ECF8427E, SHA-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855). Treat the size and entropy of those rows as not captured, not as evidence of empty archive members.

# | Size (bytes) | Entropy (8bit) | MD5 | SHA1 | SHA-256 | SHA-512
---|---|---|---|---|---|---
1 | 0 | 0.0 | 7EFF90CE4473875ED907C63A331DFAB9 | E2FA23737A10537CCB602B4896C720FFCEC7DBA2 | A472D6E4E41F96623F1A0FCB807A3FCAE9F92C0D3002DE1BD46E7EC13E0E5B4A | 9A0DE3D6C9FB30FBA77F4BDBD339E24558ACD97D420B383DD3ABA2A488C159F36E25ED5A73EB4BC76D397810B97FAED4E69FF7D1A864305472C1CB7B331C0DF4
2 | 0 | 0.0 | 037E739995E8B416E026129647D286A4 | DDDFE83319FEC5AC9EB2586A18B656B39DFED48A | 0C7FD6D596AF8DAE7CC27B441D37DA402D0BED40186117E2D2ABCB4E46B761CA | 2BAF2FEC517A24032C43CBF1F37E64BB6E6A25D1EF2535B1FD168455E8C2C753E0EA1ACA869D13391CD0EE30D131B6746CB9C8466225568B6462887D5227482E
3 | 0 | 0.0 | 02D3B0D2DEDAE0D07B1D3637023DDFBE | FEC3C69AA4608F38CEBF0E70C8A718C250BA383E | E3900C715D8B01613A7C390D5614B2D9B6275DBA50C23FB5F52DCE471E0A8AB0 | 10A4F020CC9E191F9129F7257D31EC462A44EB02118FABB0B233ABB032220AE744524B493BAF13A43264E0C21989E54B9A81E5B70A95B63E2204218618EA5E93
4 | 1910 | 5.638416376646757 | 5F3999F081E00C16A16CC2CF796CA9E2 | C5EE23B6E8C4E98C449FAF28A5903C90DC27F296 | 5D7A8BC53AC2B03DA99C979B81E82251621FA426797A4AE6762664307A3C5474 | BFF7859EA959A0D5900B44E9D9436174E3BD116D819B8160A7A2117E684570598B5E1CFDFE96A7561CC70720BD8986B3FD5D3D5E299C9AAC72363C4518E1D827
5 | 56 | 4.3223814310563275 | 19D6F7BE6B9650BB8A7D123D9AF140CA | 236DC438C740CA47CDAD38B4E8A11DC68C2BC617 | B259CA872262845D624924A7160E43705D1294E4F1BD76B9B002B96A731C2B13 | B49B5EEFF707E64906FE53283C92ADCE3F6429C7ECAD62F8401FB55423FD23B66E2DDFD7035978EBA681504C50563105F9282E72F4B90B45725F9FE39D169029
6 | 0 | 0.0 | 93C681545707D0FA737F9E2CED053B53 | 2AAA1D469798B58E30A51CEB3572CFDDC8BBE6B4 | 0E7085A7F954AB18345BC1E9660314D57039F46D56C5D1678CE2627433B1E593 | 1A4AEBABE29ECE9A57F14362D6642225363D26B5DDB4098673B7803E42CAE13C0E0A593F89462C3BD049E4B106219847A6E407CCE64F77C1714CE03E0A17128B
7 | 100 | 4.669051362478503 | D00A3614372F754698D56742CC828CCA | 125839E99F42BFCB50591EBDD7F63D140137F105 | FF7E19C51ACFFC9536A95363BAA8907A1451DD47EF198FBB97F7CCCDCCEC7DB6 | 62F21366D93775AAF8169B886AD12BCFDD1E90D2A9EAB032C42EAD71555EE3E79ACA623BFF71520B52966C43626937E8E701EDC8AA211CF7A554C77A8B77E3A0
8 | 927 | 5.304923559398452 | FACE0D0C3AD39AECEF2880F36E156ADB | 58C597221E34F1BA0735FF7D797C436073813E0C | B5103DCB373D9C6461B76D27001B9596507678E28FFB198190CC886B408D4B78 | 284882E7079145BC2FE291EB168F480B31308E3D79A637B8FCD5757899FE15B666DCC4C6EE96FD0A565907E0FAF278CE9CF779F29EE6828E18B9E1DBE13165C0
9 | 104 | 4.40421610287363 | 7C0AAD60D9A887897B3563E37CFDAF48 | BC4B3E861751C2AE4AF1FB1CF33B54016B9BE768 | 3AAECB0973EDE808479C38A60BCF9BB263583251CED7B182C7114227A1E06794 | 4E2EDC1E67F04297FE6F1D9EA3A2361A3C110509033FAE9689B9095005BEC5C02AC8247CC2A28FDDB023F3654CD3BB4D13E079C9F7C0EBB231F1B864562BFB76
10 | 0 | 0.0 | C773134F2961F92EC4D4C7376A188EAC | 4A8FB78B89671DBC2A8EF3F85C18B411C5738B60 | 1057DC7DF9A7069EACF3AB5E1F3A811A40BFDF59959A012888C050020E68B13B | A6B498A7420B7900CC1067D79EF965418A3A78B825539C197DE6C67A2DCE7A0076B07197E699231DF8E68FB8B0D806CFB2A52CF7F47050D8BDEF9BFDCD193A08
11 | 104 | 4.40421610287363 | 9C2C21B7B02F650876C7C0A37899F105 | 1B2C6B209B8998B40331B9F4CE4FE5C02DF613A5 | FF8259BD3D00DB0CE327ADED0877B44B74EEA9EB0D31D376CFC22769E1375F2A | 9CBC6EB8360CC32D53B1E057B8F85529EC5CDFE9C66343326BC7E3B67D7CD28FD7070EC1E4C13BEB72DE5B1354DD00DC04CFA176338E7C64B3F5E79B484E8EA0
12 | 0 | 0.0 | 36002F883492B1165D7ECADBEAADAAB3 | 9E2409975E6CAF4DA213C1732EEAD2AE74FEF8DE | 53D903FEF00E7085BF4DF2F035F183F374C515B96FB20149C3F0FC8E607E1979 | 25DA99F71370F160D2FE6756C5CCC1F6DC36725866CF7EB2A7A849F9031AED2D2D4EB59C109757C278F48F6B324FFDBF07C0A6D512D29636055C0A19AAF614E3
13 | 0 | 0.0 | 94D2D24D45BEAA7FD21817EE2CC312B7 | 163E785BE441B119EF092F47AD74EA82372B4887 | 83F60A7F33B6F42163EB90D03630B516A5F0575155E147EC66C216271F946CDB | AFD9C52B7EB7B861232FD9A7FF4293F99A6F67EE23B7C178B110D43F4B3F54E46A520CA4E1AFF40E2C5A38E38354196C464BF731D6B218F951A6DE4CC6E62288
File type: | |
Entropy (8bit): | 4.757338922912221 |
TrID: |
|
File name: | Mtcn_3259356251.jar |
File size: | 150'182 bytes |
MD5: | 7fefa6601ba7798f5a92c4907a04d675 |
SHA1: | a44d75a42ac89a7d5060578e681f20993eccb76f |
SHA256: | 3dbba68c10b532ecbd126c1172717d7f6c63d3e3fc4978aa8f58a919269b6374 |
SHA512: | 23f2d336dadbb462c5145518deab13e1ac73cd78aa98e5079d34f0a2a4965d785022dc824138f14cd63ab218c347dc8cf7df795f372021b5e74b99027066505f |
SSDEEP: | 384:TtEueLDrbKejfr2avpAoPOstr5JUxxx/mxeUly8bWct8A:REueLuUr2OhtfIxxexeUbbfd |
TLSH: | B3E375DCF66798E13B0BFDF27B849A9624C56AFCD71B901145612E31C42C43CEE84DAA |
File Content Preview: | PK..........*Y................META-INF/MANIFEST.MFUT...@..f.....M..LK-...K-*....R0.3..M...u.I,..R()./O-...t..K2......PK..AU..6...8...PK........Cg*Y............(...net/branchlock/layout/references/F.class;.o.>.....VF...............l.................b}7v.Fb |
Icon Hash: | d08c8e8ea2868a54 |
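The report's evidence for the Branchlock verdict is the class path net/branchlock/layout/references/F.class visible in the content preview, and its dropped-file section is simply one hash per archive member written by the 7za.exe extraction step. The script below is an added example, not Joe Sandbox code and not the sample: it reproduces that extraction offline with Python's zipfile, hashes each member so the list can be lined up with the dropped-file table, parses the manifest entry point, applies a byte-level pre-check for the package prefix on the unextracted JAR, and tests dropped-file rows for the size-0 inconsistency noted above. The JAR it builds is a constructed stand-in that reuses the two member names from the preview with dummy contents (so its hashes are not the report's), and OBFUSCATOR_PREFIXES is an assumed indicator table holding only the prefix the report shows.

```python
import hashlib
import io
import zipfile

# Hypothetical indicator table: package prefixes an obfuscator's own runtime
# classes live under. Only the prefix visible in the report's content preview
# (net/branchlock/layout/references/F.class) is listed here.
OBFUSCATOR_PREFIXES = {"net/branchlock/": "Branchlock"}

CLASS_MAGIC = b"\xca\xfe\xba\xbe"          # every .class file starts with this
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Constructed member bodies for the stand-in JAR (dummy bytes, not the sample's).
F_CLASS_BYTES = CLASS_MAGIC + b"\x00" * 60
C_CLASS_BYTES = CLASS_MAGIC + b"\x01" * 20


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_sample_jar() -> bytes:
    """Constructed stand-in for Mtcn_3259356251.jar: it reuses the two member
    names visible in the report's preview, with dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: a.b.C\r\n\r\n")
        zf.writestr("net/branchlock/layout/references/F.class", F_CLASS_BYTES)
        zf.writestr("a/b/C.class", C_CLASS_BYTES)
        zf.writestr("a/b/", b"")  # directory entry: a genuinely empty member
    return buf.getvalue()


def parse_manifest(text: str) -> dict:
    """Main-section attributes of MANIFEST.MF. Honours the JAR spec's line
    wrapping: a line starting with one space continues the previous value."""
    attrs, key = {}, None
    for line in text.splitlines():
        if not line:
            break  # first blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]
        elif ":" in line:
            key, val = line.split(":", 1)
            key = key.strip()
            attrs[key] = val.lstrip()
    return attrs


def raw_archive_has_marker(data: bytes, marker: bytes = b"net/branchlock/") -> bool:
    """Cheap pre-check on the unextracted JAR: member names are stored
    uncompressed in the local file headers and central directory, so a plain
    byte search for the package prefix works although class bodies are deflated."""
    return marker in data


def triage_jar(data: bytes) -> dict:
    """Walk the archive the way the sandbox's 7za.exe extraction step does,
    hashing every member so the list can be lined up with the report's
    dropped-file table, and pull out the manifest entry point."""
    members, obfuscators, manifest = [], set(), {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            blob = zf.read(info.filename)
            members.append({
                "name": info.filename,
                "size": len(blob),
                "is_dir": info.is_dir(),
                "is_class": blob.startswith(CLASS_MAGIC),
                "sha256": sha256_hex(blob),
            })
            for prefix, family in OBFUSCATOR_PREFIXES.items():
                if info.filename.startswith(prefix):
                    obfuscators.add(family)
            if info.filename == "META-INF/MANIFEST.MF":
                manifest = parse_manifest(blob.decode("utf-8", "replace"))
    main_class = manifest.get("Main-Class")
    names = {m["name"] for m in members}
    return {
        "members": members,
        "main_class": main_class,
        # The declared entry point should exist as a member; one that does not
        # is worth a second look before running anything.
        "main_class_present": bool(main_class)
        and (main_class.replace(".", "/") + ".class") in names,
        "obfuscators": sorted(obfuscators),
    }


def match_report_hashes(members: list, report_sha256: set) -> list:
    """Names of members whose SHA-256 appears in a dropped-file table
    (the report prints hashes upper-case, hashlib lower-case)."""
    wanted = {h.lower() for h in report_sha256}
    return [m["name"] for m in members if m["sha256"] in wanted]


def size_field_is_consistent(size: int, sha256: str) -> bool:
    """A dropped-file row claiming 0 bytes must hash like the empty file;
    otherwise its size/entropy fields were not captured and are not evidence
    of an empty member."""
    return size != 0 or sha256.lower() == EMPTY_SHA256


if __name__ == "__main__":
    jar = build_sample_jar()
    print("raw marker present:", raw_archive_has_marker(jar))
    result = triage_jar(jar)
    print("obfuscators:", result["obfuscators"], "Main-Class:", result["main_class"])
    for m in result["members"]:
        print(f'{m["size"]:>6} {m["sha256"]} {m["name"]}')
```

Run against a real JAR by replacing build_sample_jar() with the file's bytes; feed the SHA-256 column of the dropped-file table to match_report_hashes to learn which archive member each row refers to, since the report itself does not keep the member names.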