Overview

overview

7

Static

static

1

adb-toolki...GT.jar

windows7-x64

1

adb-toolki...GT.jar

windows10-2004-x64

7

adb-toolki...PE.jar

windows7-x64

1

adb-toolki...PE.jar

windows10-2004-x64

7

META-INF/c...binary

debian-9-armhf

1

superwipe/e2fsck

debian-9-armhf

1

superwipe/mkfs.ext4

debian-9-armhf

1

superwipe/...ipe.sh

ubuntu-18.04-amd64

superwipe/...ipe.sh

debian-9-armhf

superwipe/...ipe.sh

debian-9-mips

superwipe/...ipe.sh

debian-9-mipsel

superwipe/tune2fs

debian-9-armhf

1

superwipe/wipe.sh

ubuntu-18.04-amd64

superwipe/wipe.sh

debian-9-armhf

superwipe/wipe.sh

debian-9-mips

superwipe/wipe.sh

debian-9-mipsel

adb-toolki...pe.jar

windows7-x64

1

adb-toolki...pe.jar

windows10-2004-x64

7

adb-toolki...ip.jar

windows7-x64

1

adb-toolki...ip.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 04:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    adb-toolkit/bin/recovery/tools/zip/SuperWipe.jar

  • Size

    143KB

  • MD5

    d123fd26e4a691983d6588d4cd291785

  • SHA1

    fc56aeddddb29e8ae2b3167df84e1050a4e8d6dd

  • SHA256

    cc870a317b94d33eff3e6d20590ecd7d574125a4f8d820faa2a55fa2ace70e3a

  • SHA512

    0b47edfa67881fca0d11062d6ae0717cc425e5142ad3e5ae8df4452a32bc9da93d4722e5e6a7c91953b495c9897b0267c3f9e0b1836b0f0fd66b215b72623752

  • SSDEEP

    3072:ABfL8nd4ZiIRxwGwetnjMynVARiTb4En1ZZWXppB7e3cU:AVL8G3PxXnVCS1ZZWxwcU

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\adb-toolkit\bin\recovery\tools\zip\SuperWipe.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3744

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize

          46B

          MD5

          3f29b988aedadccdf5a33c214a00e81d

          SHA1

          1826a8b2d29bc147134bb5df475bb02b45d92a2b

          SHA256

          7345751558417598dc40c8cd2af8bfd688feecc9ad07245bf3e59470147be64d

          SHA512

          3480433ace8b61de0fddfb1355cdb2cc9f128ffb36dc6f7ac284a66f117b473592bc84534b382d416a2ce42cb8da3f27f5e07675bc1aed9d7f17bbaee6236860

          Download Submit

        • memory/4560-4-0x00000248D5900000-0x00000248D6900000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/4560-12-0x00000248D40D0000-0x00000248D40D1000-memory.dmp

          Filesize

          4KB

          Download