5ab65dec1c7cc7dfd104388e6c4538a0c6d748742bb4126b8634615e5639168a

Analysis

max time kernel
35s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ipchanger/Installer.exe
Size

1.7MB
MD5

d41ac75f93a8630513c960af97330c13
SHA1

9c288e1efd2da8c5701f0f1957e5eff60a7ef0be
SHA256

3b9f6b54369dfbe2609ed8d9f2c703d87606ceb555da926de068756484f34ec7
SHA512

ed26df6e6f77c5bdd30525cb7409e727aaa8fad2c960f00e7c62fab8e03c3e1e787121f7ae237b2c49d31e7b6a791c642e9567028a8b7c8f6a3e2801863529e6
SSDEEP

49152:nLAIyRbJwyvQRQYR7c6GpSAC2BwVKmbJLBCaRTbV:nLAJ+klplwRXV

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4928	icacls.exe

C:\Users\Admin\AppData\Local\Temp\ipchanger\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ipchanger\Installer.exe"
1⤵
PID:3524
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Yaasiu.jar"
  2⤵
  PID:4312
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:4928
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\java_u.jar"
    3⤵
    PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1016-76-0x0000023641060000-0x0000023641061000-memory.dmp

Filesize
4KB

Download
memory/1016-91-0x0000023641060000-0x0000023641061000-memory.dmp

Filesize
4KB

Download
memory/1016-121-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-43-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-47-0x0000023641060000-0x0000023641061000-memory.dmp

Filesize
4KB

Download
memory/1016-60-0x0000023641060000-0x0000023641061000-memory.dmp

Filesize
4KB

Download
memory/1016-64-0x0000023656DA0000-0x0000023656DB0000-memory.dmp

Filesize
64KB

Download
memory/1016-114-0x0000023656DA0000-0x0000023656DB0000-memory.dmp

Filesize
64KB

Download
memory/1016-105-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-79-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-78-0x0000023641060000-0x0000023641061000-memory.dmp

Filesize
4KB

Download
memory/1016-94-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-97-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-98-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/1016-100-0x0000023641080000-0x0000023642080000-memory.dmp

Filesize
16.0MB

Download
memory/4312-18-0x000001BCE8E70000-0x000001BCE8E71000-memory.dmp

Filesize
4KB

Download
memory/4312-8-0x000001BCE8E90000-0x000001BCE9E90000-memory.dmp

Filesize
16.0MB

Download
memory/4312-35-0x000001BCE8E70000-0x000001BCE8E71000-memory.dmp

Filesize
4KB

Download