Analysis
- max time kernel: 146s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-12-2023 01:58
Behavioral task: behavioral1
- Sample: 827c3d5ba4711d93931b11cbe27854c0.jar
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 827c3d5ba4711d93931b11cbe27854c0.jar
- Resource: win10v2004-20231215-en
General
- Target: 827c3d5ba4711d93931b11cbe27854c0.jar
- Size: 218KB
- MD5: 827c3d5ba4711d93931b11cbe27854c0
- SHA1: f1fb8c24ca14f16c9de0dba5de099e3030b14d3b
- SHA256: 34f8e073235ed6822c7362606a72546b0313c401f4a2a46e28d7242d4c745dda
- SHA512: 1f34c7dd62dd5e508f381cdd73faced92b42b7c9fd860a8dd37456612152f8bbe855d677cad4fd2999e32531c36169ded58355b1cf4a686a185f51ffb382ed2c
- SSDEEP: 6144:/rAMqiBDwJx71TFd3iaJqYjSj51Kd9pcqfjW:kdiaP1T/iwM/K9uYW
Malware Config
Signatures
- Modifies file permissions: 1 TTPs, 1 IoCs
- Suspicious use of WriteProcessMemory: 2 IoCs
  Processes: java.exe
  description | pid | process | target process
  PID 4468 wrote to memory of 1436 | 4468 | java.exe | icacls.exe
  PID 4468 wrote to memory of 1436 | 4468 | java.exe | icacls.exe
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar C:\Users\Admin\AppData\Local\Temp\827c3d5ba4711d93931b11cbe27854c0.jar
  Suspicious use of WriteProcessMemory
  PID: 4468
  - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    Modifies file permissions
    PID: 1436
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
- MD5: 02eb0e00486c7866f9454aee64db84a0
- SHA1: 761a6c06b6e931f034a9b534e1d8a9b79859ede8
- SHA256: facc868c427ecaf5ab9a29fa4dba1c4f744edd9bd143bf1716b5607ab2869bd3
- SHA512: cf4e077979775fab6d00cd3bb4e0c8d7d41876a3b6b37bdc92c9fe78edb8769a15caafb650de3515956c7dcbeeee76213f21678d32a3bace3bd3bb9665e39aa6