Overview

overview

7

Static

static

1

adb-toolki...GT.jar

windows7-x64

1

adb-toolki...GT.jar

windows10-2004-x64

7

adb-toolki...PE.jar

windows7-x64

1

adb-toolki...PE.jar

windows10-2004-x64

7

META-INF/c...binary

debian-9-armhf

1

superwipe/e2fsck

debian-9-armhf

1

superwipe/mkfs.ext4

debian-9-armhf

1

superwipe/...ipe.sh

ubuntu-18.04-amd64

superwipe/...ipe.sh

debian-9-armhf

superwipe/...ipe.sh

debian-9-mips

superwipe/...ipe.sh

debian-9-mipsel

superwipe/tune2fs

debian-9-armhf

1

superwipe/wipe.sh

ubuntu-18.04-amd64

superwipe/wipe.sh

debian-9-armhf

superwipe/wipe.sh

debian-9-mips

superwipe/wipe.sh

debian-9-mipsel

adb-toolki...pe.jar

windows7-x64

1

adb-toolki...pe.jar

windows10-2004-x64

7

adb-toolki...ip.jar

windows7-x64

1

adb-toolki...ip.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 04:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    adb-toolkit/bin/recovery/tools/zip/xoom2testzip.jar

  • Size

    124KB

  • MD5

    d351cc36feb84d23cf64f3426b5cb4de

  • SHA1

    5b7a5b99046612899e24ddecc220d199db3ffed4

  • SHA256

    586910c438eb1c465dd1be0366a05496ce5ed46160c4e91b85838323de0f981a

  • SHA512

    6f5ebeb531e583738b1c7552976611e1c72c89cdb79bc1995c8710446e5fed0a10b7baadb0bd66da60624a029cabad97d8016ba5b2516cfba212cb467d969c5c

  • SSDEEP

    3072:vCvWBlihKgnwPfZNuKGDeeA7i/5TrczFACYDzyGbY4fh6N:gOgomyfiTrA7i/1gzKXEN

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\adb-toolkit\bin\recovery\tools\zip\xoom2testzip.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:960

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize

          46B

          MD5

          ce341811ae4bf07baa7c508c25b61e71

          SHA1

          02a05a1654a44e5211cea6a6bc567fc80e86c4d1

          SHA256

          0aa11f3d63df6ea1efc274fca8b148daea06e7cd31787e5cab9f33d2ee0622e5

          SHA512

          2ea71867c4534fd803ab6b31308f4676e103732d6a641814231db6c6d3977211480769c80155785f6ba5fe7c41032579dfdd4b8695fb1133540071725f240dd7

          Download Submit

        • memory/4088-4-0x000001C100000000-0x000001C101000000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/4088-11-0x000001C1707B0000-0x000001C1707B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4088-13-0x000001C100000000-0x000001C101000000-memory.dmp

          Filesize

          16.0MB

          Download