759cf2018b43bd88ff69b4736e91c3c76f16f5788e44af7e42b0124c35daa210

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2023, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LEDAMA VPN NO ADDTIME/LEDAMA VPN SOCKS/gradle/wrapper/gradle-wrapper.jar
Size

52KB
MD5

339746b848a78b370095eaffe15df105
SHA1

d5f2cff8bfce6bd848ee3dceb06393502f78ca7c
SHA256

198159fcd7d29533c0d37423d66c44729982d5280c9e2c7c5f4b7bc6a9317f6b
SHA512

fa5200a814b8a5fe94b58a8448ed233645c28b28c0d95fd3d2cadecc48fb6bc04a46f00796ab5c9d15df116e9dab4516807988051bb04e77608e020be590e5c6
SSDEEP

1536:TxEAJ6wvQqbX/LbQ4eh5AOkv01ttK1IXesHd6+3NS:mAJQaP3jeh5Av0fqHss2I

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4776	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 4776	3692	java.exe	56
PID 3692 wrote to memory of 4776	3692	java.exe	56

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\LEDAMA VPN NO ADDTIME\LEDAMA VPN SOCKS\gradle\wrapper\gradle-wrapper.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b8450d9d3f3cf80ce39d8392c2ef285a

SHA1
b330dff7b8c8666765f9e823d84838a0c6c49d35

SHA256
b9471e3a73fae96cfdfc1c8b6e073fd39912069fca6416b0a40b32aa553f66de

SHA512
2cada488ce2679d3ffd17b4beb90a159889236de93a65aae6658abb7cdc09acb26421b4e27c3598118318c5eab8345ad01c2029029035fd71242d22154cec7c7

Download Submit
memory/3692-4-0x00000180915B0000-0x00000180925B0000-memory.dmp

Filesize
16.0MB

Download
memory/3692-12-0x000001808FD60000-0x000001808FD61000-memory.dmp

Filesize
4KB

Download