4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2023 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf.exe
Size

340KB
MD5

80d77096a5a7f1ba7d2ba20a67256b7c
SHA1

7e9a63d1defca98e44b6755771d91793d1e7188c
SHA256

4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf
SHA512

be9ae22e253b5237a37013789e2bf6361f372f5695aee5c0c7fa6df8f5e92a02929594bd5798d59b0fb2dfb8474185c0e0d6f51e42ee3c0661c71609ef17e374
SSDEEP

6144:ad+cR8SwOxSl2Yd82pqrnSzeIgNV1Nw2zflWgQulnhf4QlfE/CvjbRhV:ad+MpCVzqTMeIO31zCq4c4CvjbzV

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3204	icacls.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 3628	1212	4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf.exe	86
PID 1212 wrote to memory of 3628	1212	4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf.exe	86
PID 3628 wrote to memory of 3204	3628	java.exe	90
PID 3628 wrote to memory of 3204	3628	java.exe	90

C:\Users\Admin\AppData\Local\Temp\4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf.exe
"C:\Users\Admin\AppData\Local\Temp\4ea75c9cc24d3b5268ecc003421a7465862e84c86de4ecaf31fbfa6ab2816ddf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  c:\PROGRA~1\java\jre-1.8\bin\java.exe -version
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3628
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9e4397e324ca62ce8a8a2538697f8c5c

SHA1
bd91d5335abd46164fb9a70b45486f6f538575a1

SHA256
e57e6f749ffc03e33f4f397d1a5569744761df838b3fd1c8ba604ec2a0512f25

SHA512
0a50afab6788ef3d0180fcfa09c2a2dbe156ab5659d81d8b5a0b427c676e072ffcbe463cee6561175e32be553e609a2692a76c4b620a34ddbe17d6de3bf04994

Download Submit
memory/1212-25-0x00000000028F0000-0x00000000038F0000-memory.dmp

Filesize
16.0MB

Download
memory/1212-28-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/3628-3-0x000001C640CF0000-0x000001C641CF0000-memory.dmp

Filesize
16.0MB

Download
memory/3628-12-0x000001C63F480000-0x000001C63F481000-memory.dmp

Filesize
4KB

Download