50f2aabb46005712e2dc0125e87278bc7c1faa4456e6aa2b6315d63c07cd51bc

Analysis

max time kernel
30s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chunky-1.3.52.jar
Size

267KB
MD5

b038e2594a476461cc522e795fc07479
SHA1

703dca4a7cdcdb4c0902a7d2b77514e67719d986
SHA256

50f2aabb46005712e2dc0125e87278bc7c1faa4456e6aa2b6315d63c07cd51bc
SHA512

ff34a7567e118587851baa049de8629b2a06b2bf2674556bf9094e9b79d612fabab1ca0a36fe9e129c4dac5d9b63a29e8accba0c0c0c96d23d1b98769c6a7a74
SSDEEP

6144:3ucadm4GZLNg1k2GrUkUu1eviASYL1QQJu9rxYMAtlqqa:Net6pg1k2yUkUwevXBpQt2t7g

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
388	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 388	3016	java.exe	86
PID 3016 wrote to memory of 388	3016	java.exe	86

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Chunky-1.3.52.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
741379cc5c59c2ef185ebd66e8637175

SHA1
7a8a1e957182f27638eb978c8ee0cc230ce915c3

SHA256
c258ea769b0e327466a9ec5f25521fa53feb0fbfc214d492d279cf447eb8c130

SHA512
d71e2b517fd4121bb35cfe8c56bc34e2656d46bf921fd70d0803cdfbbb417a2c34a871b95d5dc0eb0e8b6301497137d032031241fa99490b3b73efe9a058747a

Download Submit
memory/3016-4-0x00000230BBFB0000-0x00000230BCFB0000-memory.dmp

Filesize
16.0MB

Download
memory/3016-12-0x00000230BA6D0000-0x00000230BA6D1000-memory.dmp

Filesize
4KB

Download