060d4851769b37c553543f98955c98c4c6a0dd2faecafb7d87b61d201ce13698

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

410e1d09f6a289fa71a8eed48c507e48.jar
Size

99KB
MD5

410e1d09f6a289fa71a8eed48c507e48
SHA1

27852e56b97abb64ff223fcb2092d4ef91410bdf
SHA256

060d4851769b37c553543f98955c98c4c6a0dd2faecafb7d87b61d201ce13698
SHA512

5554dfa1985e7717bd259e27d221eec7a2fa66c43b45cf0217f6d82c558641e36a2c1802ab7ec719549b2246cc8b8e6532b8c5b76983b9f8dbcf87a22621411d
SSDEEP

3072:DtpqGaXrV3Cp3m5z0+LS7Ax1NfgKipxfju88a5/:JpqGaXrV3CU5rLS61NfgKivju8Z

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4116 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 5064 wrote to memory of 4116 5064 java.exe icacls.exe
PID 5064 wrote to memory of 4116 5064 java.exe icacls.exe

pid	process
4116	icacls.exe

description	pid	process	target process
PID 5064 wrote to memory of 4116	5064	java.exe	icacls.exe
PID 5064 wrote to memory of 4116	5064	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\410e1d09f6a289fa71a8eed48c507e48.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:5064

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d876d12e4ea0706ccc66538d86bb756a

SHA1
30cc627cd31d58c79ab300d0e66bf2848360f9cd

SHA256
0b1e997166aff8608c47a99104738d6b722c4d14e0233f54259ffd70117bd283

SHA512
97c63f2f7f436dafc6a53ee159c0ba8d6197b0799430799556bab5fb907b39d5e20f1bc77c805907d8645672386b67ce3e8efb078c4e9c333b82fb3dd64cb83f

Download Submit
memory/5064-67-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-175-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-59-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-28-0x0000023B9FA40000-0x0000023B9FA41000-memory.dmp

Filesize
4KB

Download
memory/5064-36-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-48-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-52-0x0000023B9FA40000-0x0000023B9FA41000-memory.dmp

Filesize
4KB

Download
memory/5064-53-0x0000023B9FA40000-0x0000023B9FA41000-memory.dmp

Filesize
4KB

Download
memory/5064-19-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-12-0x0000023B9FA40000-0x0000023B9FA41000-memory.dmp

Filesize
4KB

Download
memory/5064-107-0x0000023B9FA40000-0x0000023B9FA41000-memory.dmp

Filesize
4KB

Download
memory/5064-78-0x0000023B9FA40000-0x0000023B9FA41000-memory.dmp

Filesize
4KB

Download
memory/5064-129-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-147-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-152-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-156-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-160-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-168-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download
memory/5064-4-0x0000023BA1300000-0x0000023BA2300000-memory.dmp

Filesize
16.0MB

Download