df2d2516e905cdc87a68ec456f881664a5b158ba810934251d7b70a740679588

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LegacyLauncher_legacy.jar
Size

9.2MB
MD5

45e7627b8542f033fc67ac7fb6d22537
SHA1

e6149d3d7d34f1ba3d8214e66433ce7dd25fb0bb
SHA256

df2d2516e905cdc87a68ec456f881664a5b158ba810934251d7b70a740679588
SHA512

a573ce983c6c93ef53459bffe16b9d442ca1906e58064e53444f74573f43ea2e62c7516823a3eb0f17fc3beadf6dc4fb4ba9b0094b6ef7f02c26d97e0f579f48
SSDEEP

196608:91SdSZ9fzJ+vzQWTvG5RORTW5mcqyd+Tt9t4y:9US+TqRZ2yd+h0y

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4404	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 4404	2392	java.exe	94
PID 2392 wrote to memory of 4404	2392	java.exe	94
PID 2392 wrote to memory of 2936	2392	java.exe	95
PID 2392 wrote to memory of 2936	2392	java.exe	95

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_legacy.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4404
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -Xmx128m -Dfile.encoding=UTF-8 -Dtlauncher.systemCharset=windows-1252 -Dtlauncher.logFolder=C:\Users\Admin\AppData\Roaming\.tlauncher\logs -classpath C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_legacy.jar ru.turikhay.tlauncher.bootstrap.Bootstrap
  2⤵
  - Drops file in Program Files directory
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
780abe2ae34a9a845d3a8552453ff345

SHA1
9013eeec2684acccb697d2ab5affce55d7592938

SHA256
b2635d723dc718836a7786e49aa451e1bbb5a5ece77396c297ddbf91514c3438

SHA512
eba63a3f2ea24e26a4b5d9004908cf35d5bd7287469f11ec609a0331c39fd2eca52601503df624e9a2c75a90231dff182ba52b9013a42c229e543e4b0f4aa774

Download Submit
memory/2392-4-0x000002298B6B0000-0x000002298C6B0000-memory.dmp

Filesize
16.0MB

Download
memory/2392-12-0x0000022989E70000-0x0000022989E71000-memory.dmp

Filesize
4KB

Download
memory/2392-14-0x0000022989E70000-0x0000022989E71000-memory.dmp

Filesize
4KB

Download
memory/2936-26-0x000001FEE6130000-0x000001FEE6131000-memory.dmp

Filesize
4KB

Download
memory/2936-27-0x000001FEE6130000-0x000001FEE6131000-memory.dmp

Filesize
4KB

Download
memory/2936-19-0x000001FEE7920000-0x000001FEE8920000-memory.dmp

Filesize
16.0MB

Download
memory/2936-32-0x000001FEE7920000-0x000001FEE8920000-memory.dmp

Filesize
16.0MB

Download
memory/2936-39-0x000001FEE7BB0000-0x000001FEE7BC0000-memory.dmp

Filesize
64KB

Download
memory/2936-42-0x000001FEE7920000-0x000001FEE8920000-memory.dmp

Filesize
16.0MB

Download
memory/2936-41-0x000001FEE7BD0000-0x000001FEE7BE0000-memory.dmp

Filesize
64KB

Download
memory/2936-40-0x000001FEE7BC0000-0x000001FEE7BD0000-memory.dmp

Filesize
64KB

Download
memory/2936-43-0x000001FEE7920000-0x000001FEE8920000-memory.dmp

Filesize
16.0MB

Download