8ac04875976ff5f2b443dde670ba53f812e7ffff42e72336482081bacb337f38

Resubmissions

29/12/2023, 08:01

231229-jw3ndsgah2 7

29/12/2023, 07:56

231229-jsp8wscgfm 7

Analysis

max time kernel
434s
max time network
446s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_9420AD2F98EF4A71E4810AE1456EE580.jar
Size

41KB
MD5

f57b10e02773df406fe9bc403b2542a5
SHA1

3b8a2113a4dadb164d998c771516fe98c08dab73
SHA256

5b4f0bf1a252d510f242e09b7d83cc797d18823b36b9981dcb3b8335d0246ba9
SHA512

d58e51a48e165cea62d74a357be911df49860722d30aa93153e8ce1f46ff79f95935e36d20ee2019ba7cb87e3cf530553e1a9156f8fe63e15f3505328c7850f0
SSDEEP

768:2mcVBgQl4JMn628Ae+sGGO7fHcRsn7NpRWhBUPdb1pBYGOY/9XBLcRRhsiMVm:2mcAQl4JnhAe5kaofRWvUFbJJP6RhdM0

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3404	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 3404	1344	java.exe	90
PID 1344 wrote to memory of 3404	1344	java.exe	90

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\_9420AD2F98EF4A71E4810AE1456EE580.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f1f97e95caf1c9979d39b6123ebee649

SHA1
5a350be2e4509fa05cfa3db361ab119d32700547

SHA256
2047222b68ace19f9e163da54b8fc9c0593db6e6d30c36843ea1b1ca71404b36

SHA512
97c2cf56a589c024aa3b48927be0c1926c7c2b80bb166c53ce7e9a35af01ab1799b434fea09de9211b568e7cc22cce85a08746f8e9ef50cd7c241e106d12f5a1

Download Submit
memory/1344-4-0x0000027E80000000-0x0000027E81000000-memory.dmp

Filesize
16.0MB

Download
memory/1344-12-0x0000027EF7D70000-0x0000027EF7D71000-memory.dmp

Filesize
4KB

Download