f8072b70de0274e7ab66807a7a0cb7eb340fd5605f626f44c6b92b53723772f7

Analysis

max time kernel
12s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b56b3aca6d7d4f2172ce0a049274877.jar
Size

123KB
MD5

2b56b3aca6d7d4f2172ce0a049274877
SHA1

32329e69b2bb0caa995364b2aa4b9621f750865d
SHA256

f8072b70de0274e7ab66807a7a0cb7eb340fd5605f626f44c6b92b53723772f7
SHA512

831adcd64a78c51a76fc658c90985897e49b72ab6bcbd771ced8e618bcd1ecf5518da6386992e49cb95d89ec1f5eebce1f00ea4b3e49234f9e77f2a51f27aecd
SSDEEP

3072:0OKOzBtFFQMfhxrhno5AoHNBqdOSCo5ks:MmBvqMbFuWMkF

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4624	icacls.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 4624	3568	java.exe	89
PID 3568 wrote to memory of 4624	3568	java.exe	89
PID 3568 wrote to memory of 1884	3568	java.exe	91
PID 3568 wrote to memory of 1884	3568	java.exe	91

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\2b56b3aca6d7d4f2172ce0a049274877.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4624
- C:\Windows\SYSTEM32\wscript.exe
  wscript C:\Users\Admin\_output.js
  2⤵
  PID:1884
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\GySjyuTJbo.js"
    3⤵
    PID:1416
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\mupdvmyzru.txt"
    3⤵
    PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d5efab84852b90347ca2c058e0b3aaff

SHA1
c6d6ede0e7e177bdcd9016b4743b8693da0500a1

SHA256
ef7848849ae5950340de957c874b9b90f868f2195abba915750432a988f65489

SHA512
9125b15ab02712179e3dc21c7e3747f3e8cd751f3ab50438175dcad5a1d67d5c55b024faed7df6718418065fefcdbc689bf2d8cb811c60f8a40925a25ab0ef1f

Download Submit
C:\Users\Admin\AppData\Roaming\GySjyuTJbo.js

Filesize
9KB

MD5
f62440f09898b39fea134065ef66629f

SHA1
6481a10130d0f04b618edffe25e447f361b610bd

SHA256
44c4da720bcd803731900f96e48662ea55da18b4fdcf1152192ca4322b9cb328

SHA512
cfdd9fe2ab94e698d6616e1a4143a0ecbb970f01259ce555fded0673a605e1b0799ed877a77c011b9ce0cf912c3fc3d693bb9796253199321606e9136b38b33f

Download Submit
C:\Users\Admin\AppData\Roaming\mupdvmyzru.txt

Filesize
64KB

MD5
e62a753c1627bb8469e33de4e4438f64

SHA1
ef0444619cd75ef33edb97ea79c2601d6cb2d67a

SHA256
a393d116e2e36c1365a7f79233d7c29ed49437565f702e3a3de0ca97da7e4efe

SHA512
778f81772652111e3da3c31089ba49b1b90f671aef41405fddc9c83434387952135703b403f99166bec116b3f573e38b708b6e27832732bc42d92297ce14d4fc

Download Submit
C:\Users\Admin\_output.js

Filesize
193KB

MD5
4318853a176d5131f68bb12610cf3c97

SHA1
79d939eefc5aede217e216934bc8b83271507aa8

SHA256
dd4296bc6397703d32c73bbda6dd2c497efc93af64a4e014b4803a00454225bf

SHA512
eac3796038e521799ad8e043fcac06e35b7f980530b5e34cd44b7e876f591223aaf21ff280b3249e01550d66d8922f589cf019a04884b2c3a69f3da1c7f3f4ca

Download Submit
memory/3568-4-0x00000179B2290000-0x00000179B3290000-memory.dmp

Filesize
16.0MB

Download
memory/3568-14-0x00000179B2270000-0x00000179B2271000-memory.dmp

Filesize
4KB

Download
memory/4128-40-0x0000012AB7900000-0x0000012AB8900000-memory.dmp

Filesize
16.0MB

Download
memory/4128-36-0x0000012AB78E0000-0x0000012AB78E1000-memory.dmp

Filesize
4KB

Download
memory/4128-30-0x0000012AB7900000-0x0000012AB8900000-memory.dmp

Filesize
16.0MB

Download
memory/4128-53-0x0000012AB78E0000-0x0000012AB78E1000-memory.dmp

Filesize
4KB

Download
memory/4128-56-0x0000012AB7900000-0x0000012AB8900000-memory.dmp

Filesize
16.0MB

Download
memory/4128-68-0x0000012AB7900000-0x0000012AB8900000-memory.dmp

Filesize
16.0MB

Download
memory/4128-69-0x0000012AB7900000-0x0000012AB8900000-memory.dmp

Filesize
16.0MB

Download
memory/4128-70-0x0000012AB7900000-0x0000012AB8900000-memory.dmp

Filesize
16.0MB

Download
memory/4128-81-0x0000012AB78E0000-0x0000012AB78E1000-memory.dmp

Filesize
4KB

Download
memory/4128-83-0x0000012AB78E0000-0x0000012AB78E1000-memory.dmp

Filesize
4KB

Download