Malware Uses JAR | VMRay Analyzer Report
Analysis Information
Creation Time 2016-09-02 09:55 (UTC+2)
VM Analysis Duration Time 00:06:54
Execution Successful True
Sample Filename Duplicata0.jar_.jar
Command Line Parameters False
Prescript False
Number of Processes 14
Termination Reason Timeout
Remarks VM rebooted
Truncate overall sleep time from 0 seconds to 0 seconds
VTI Information
VTI Score
94 / 100
VTI Database Version 2.3
VTI Rule Match Count 32
VTI Rule Type Default (PE, ...)
Monitored Processes
ID PID Monitor Reason Image Name Command Line Origin ID
#1 0xb6c Analysis Target java.exe "C:\Program Files\Java\jre1.8.0_92\bin\java.exe" -jar "C:\Users\DSsDPMx042\Desktop\Duplicata0.jar"
#2 0xbf8 Child Process regsvr32.exe regsvr32.exe /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96 #1
#3 0x4f0 Injection explorer.exe C:\Windows\Explorer.EXE #2
#5 0xef8 Child Process cmd.exe cmd /k "C:\Users\Public\N3Eg\N3E.vbs" #3
#6 0xf28 Child Process wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\N3Eg\N3E.vbs" #5
#7 0x494 Child Process wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\Public\N3Eg\N3E.vbs" uac #6
#8 0x960 Child Process sc.exe "C:\Windows\System32\sc.exe" config WinDefend start= disabled #7
#9 0x6b0 Child Process net.exe "C:\Windows\System32\net.exe" localgroup HomeUsers /delete DSsDPMx042 #7
#10 0x9bc Child Process net1.exe C:\Windows\system32\net1 localgroup HomeUsers /delete DSsDPMx042 #9
#11 0x69c Child Process cmd.exe "C:\Windows\System32\cmd.exe" /k echo a > "C:\Users\Public\N3Eg\uc" #7
#12 0x660 Child Process cmd.exe "C:\Windows\System32\cmd.exe" /k shutdown -r -t 0 -f #7
#13 0x9ec Child Process shutdown.exe shutdown -r -t 0 -f #12
#14 0x574 Analysis Target regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Public\N3Eg\N3Eg2.51N3E" #96
#15 0x470 Injection explorer.exe C:\Windows\Explorer.EXE #14
Sample Information
ID #866585
MD5 Hash Value 53e9f702c6ca434311cc05f09acf1923
SHA1 Hash Value fba04d13da22168a6f6d0e0a9d893b0938d4abbf
SHA256 Hash Value a2b467819bd03974f8b4ac326d9d488eb80680ee43cea984e160922122f1f048
Filename Duplicata0.jar_.jar
File Size 27.46 KB (28123 bytes)
File Type Java Archive
Analyzer and Virtual Machine Information
Analyzer Version 1.11.0
Analyzer Build Date 2016-09-01 14:29 (UTC+2)
VM Name win7_32_sp1-apache
VM Description win7_32 run apache
VM Architecture x86 32-bit PAE
VM OS Windows 7
VM Kernel Version 6.1.7601.17514 (684da42a-30cc-450f-81c5-35b4d18944b1)