f3e0a6e17eeda07acb7520a9dc68018ec070999042895e2e10dea6d60ff1d5b8

Analysis

max time kernel
49s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

der.jar
Size

1KB
MD5

d6c77989399c2f6afc7ae8c7b0246988
SHA1

9cada7fd1d13d04f72293fb56c2c4c599cf0b684
SHA256

f3e0a6e17eeda07acb7520a9dc68018ec070999042895e2e10dea6d60ff1d5b8
SHA512

0be1589227862eac0d591d7abb7ea644fd1ddadc2bad809c7d97b17a71cca205279839651cc2d6bb96d2002944db7192d0f9c8eba920cce39476fe2473530c4c

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1932	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1932	1604	java.exe	93
PID 1604 wrote to memory of 1932	1604	java.exe	93

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\der.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
eb34db097b7de6fe774548fac31727ce

SHA1
a8f6ffc31c606d2da088ad8f9e4fcae897291394

SHA256
344b85f4d9ae60bc69e131271e34847694fc1eb69845c9161e580ecf045374fb

SHA512
953f16715eea19462ffeac562fae8d08a5f5d78aa1de5e26ccdf7ba735f2d7cc96ac072c3c243baac589b3dc537f88188a30a0069386101abeb312fcf2a44882

Download Submit
memory/1604-4-0x0000013A5E1A0000-0x0000013A5F1A0000-memory.dmp

Filesize
16.0MB

Download
memory/1604-11-0x0000013A5C880000-0x0000013A5C881000-memory.dmp

Filesize
4KB

Download
memory/1604-14-0x0000013A5C880000-0x0000013A5C881000-memory.dmp

Filesize
4KB

Download