Analysis
- max time kernel: 49s
- max time network: 55s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/01/2024, 21:45
Static task: static1
Behavioral task: behavioral1
- Sample: der.jar
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: der.jar
- Resource: win10v2004-20231222-en
General
- Target: der.jar
- Size: 1KB
- MD5: d6c77989399c2f6afc7ae8c7b0246988
- SHA1: 9cada7fd1d13d04f72293fb56c2c4c599cf0b684
- SHA256: f3e0a6e17eeda07acb7520a9dc68018ec070999042895e2e10dea6d60ff1d5b8
- SHA512: 0be1589227862eac0d591d7abb7ea644fd1ddadc2bad809c7d97b17a71cca205279839651cc2d6bb96d2002944db7192d0f9c8eba920cce39476fe2473530c4c
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
  pid   Process
  1932  icacls.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  description                     pid   Process   procid_target
  PID 1604 wrote to memory of 1932  1604  java.exe  93
  PID 1604 wrote to memory of 1932  1604  java.exe  93
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\der.jar
  Depth: 1
  - Suspicious use of WriteProcessMemory
  PID: 1604
  - C:\Windows\system32\icacls.exe
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    Depth: 2
    - Modifies file permissions
    PID: 1932
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  Depth: 1
  PID: 4024
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: eb34db097b7de6fe774548fac31727ce
  SHA1: a8f6ffc31c606d2da088ad8f9e4fcae897291394
  SHA256: 344b85f4d9ae60bc69e131271e34847694fc1eb69845c9161e580ecf045374fb
  SHA512: 953f16715eea19462ffeac562fae8d08a5f5d78aa1de5e26ccdf7ba735f2d7cc96ac072c3c243baac589b3dc537f88188a30a0069386101abeb312fcf2a44882