Analysis
max time kernel: 148s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-12-2023 05:14
Behavioral task: behavioral1
Sample: a4d701ab9770dada452925a014163a36.jar
Resource: win7-20231215-en
0 signatures, 150 seconds

Behavioral task: behavioral2
Sample: a4d701ab9770dada452925a014163a36.jar
Resource: win10v2004-20231222-en
3 signatures, 150 seconds
General
Target: a4d701ab9770dada452925a014163a36.jar
Size: 88KB
MD5: a4d701ab9770dada452925a014163a36
SHA1: 081bbee5fda2159af6a0ec6a6db11bbba8e985f7
SHA256: 48ba29328ad82dfd72bfac6eede576867ebf6f39ec0a7f1691201d1a10d299c9
SHA512: 42ac4f0c615caefcedcdcde5e4ba25d612171017200cb46d89c692e88ca3d484f92d7ce0be6557665b5bd07e8bd47491b87dc75d9c186d39ecc304afd46feccd
SSDEEP: 1536:wQxJoWyS7JljI8hGD767DzUWVFXUQugUt8ms4sRuZhuO8bNqg1r:wkvPhPXhugUKghuO8bN/r
Score: 7/10
Malware Config
Signatures

Modifies file permissions (1 TTPs, 1 IoCs)

Drops file in Program Files directory (12 IoCs)
Processes: java.exe
description | ioc | process
File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb | java.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ntdll.pdb | java.exe

Suspicious use of WriteProcessMemory (2 IoCs)
Processes: java.exe
description | pid | process | target process
PID 2380 wrote to memory of 992 | 2380 | java.exe | icacls.exe
PID 2380 wrote to memory of 992 | 2380 | java.exe | icacls.exe
Processes

1. C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
   Command line: java -jar C:\Users\Admin\AppData\Local\Temp\a4d701ab9770dada452925a014163a36.jar
   PID: 2380
   - Drops file in Program Files directory
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\icacls.exe (child of PID 2380)
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      PID: 992
      - Modifies file permissions