8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208

Analysis

max time kernel
90s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 14:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208.exe
Size

7.9MB
MD5

da7f06fb1ae86c897c87de1b08f53436
SHA1

cc95f134e3b191f5f20650618aafef430f89fe01
SHA256

8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208
SHA512

4e758a5124ce528daf984d7d1338d03d8166e14b70b7c2130ee27bc8da12e48a6c4db72182321cb0a1cdd1f704bcc99ad4ca533d690a4d0828a2c796c70729e0
SSDEEP

196608:UDNr518bhV8dkwDsHyBqXJmfhhvizcjcrsRowfRbmR2KVO/:UDNF2bhV8d9qlJmZOUcrao8mRHVu

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2804	icacls.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 3204	2148	8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208.exe	86
PID 2148 wrote to memory of 3204	2148	8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208.exe	86
PID 3204 wrote to memory of 2804	3204	javaw.exe	87
PID 3204 wrote to memory of 2804	3204	javaw.exe	87

C:\Users\Admin\AppData\Local\Temp\8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208.exe
"C:\Users\Admin\AppData\Local\Temp\8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\8834a03fd4a8004f9bf0c40ee1344af5249ad72ef4a43803903301c8e25ad208.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
60c3caf1d9aa797e7a254daf7b43d537

SHA1
f0829d87587677d844970e8635bbe2358e731618

SHA256
e627f4cbbbd5fae66d43db88b463371c3ca3eb75d7251dcbacfb9e17f1c9a65e

SHA512
a1ad66d6c9cdbae25e4dd24e34529b24be2939994e3e5a96975fc9bee43cdf087157cf271a2f5fda5a5d9835a322a052faccb25aad616d39a86f672b0fdc9345

Download Submit
memory/2148-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3204-5-0x000001E99AE30000-0x000001E99BE30000-memory.dmp

Filesize
16.0MB

Download
memory/3204-13-0x000001E999420000-0x000001E999421000-memory.dmp

Filesize
4KB

Download
memory/3204-14-0x000001E99AE30000-0x000001E99BE30000-memory.dmp

Filesize
16.0MB

Download