Overview

overview

7

Static

static

3

Space.exe

windows7-x64

1

Space.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-12-2023 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Space.exe

  • Size

    9.3MB

  • MD5

    1bf373c53de45aed1c626510fb8c3c74

  • SHA1

    5657e19b4fb86470e91afc67d6f71d8668b61dc4

  • SHA256

    34a5d22f282df6e3d88adda858dcdb20914eb18a94fd1f9bef753ff7d9c90ad8

  • SHA512

    46bc690373242b0c60a5612c52e62554455d1862a4ebc2cf195505509cb84ff0406f2237b5c114b8e7c18a4241cb1688bd1c70d030e565c2404688ab9a02b8ec

  • SSDEEP

    196608:jyIcfQSG/xGrNZGQd68Q5ABTVHJack+YlGlSRRC:jy3I/xU1d68OAFacJYlTU

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Space.exe
    "C:\Users\Admin\AppData\Local\Temp\Space.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\AppData\Local\Temp\Space.exe" org.develnext.jphp.ext.javafx.FXLauncher
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:384
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    c7ebe72c4b017e992503593cf1124c20

    SHA1

    235cd4be2132b3ff2e98a56c09fa8bf93a83b07a

    SHA256

    4646d58301c7ab2ed857e1b238e7f7fc16147f445542dff005c2dd54fe4c1648

    SHA512

    10d625a32c92ef8460170c4a49e4f02deb5e09d0a9926e4d4b533ebbf0c41735916183ab732e995362f9fd021a693208ada7b83462edbb47e7519e59369cf073

    Download Submit

  • memory/384-33-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-13-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-61-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-67-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-21-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-23-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-28-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-48-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-141-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-3-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-14-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-71-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/384-94-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-96-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-100-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-103-0x000001FAD4630000-0x000001FAD4631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/384-133-0x000001FAD6030000-0x000001FAD7030000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/756-0-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download