1ec0a2a6f9f318919a5e3e811c39632cbfd130d7ce6d4001a02d645e8366ecd9

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apache-commons-compress.jar
Size

617KB
MD5

3f7237fb56029591b5bdd2698c196220
SHA1

b8df472b31e1f17c232d2ad78ceb1c84e00c641b
SHA256

0aeb625c948c697ea7b205156e112363b59ed5e2551212cd4e460bdb72c7c06e
SHA512

5d3ce7ae4518c0fe5094b512c5c4825cc213ebc388e1e1e7692475406d5876c893140e5bbaaecb1676262a6b73c7250d40b83653cd03600815693474f92f0fa7
SSDEEP

12288:5c+UaUm1JmC3JE8IA9rrfjEW+BTiPZ3OjWekvYn1+EEHJUrsaK:5cD1m1JHK8IC/rEbTix32WekAn1+EEHR

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2092	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 2092	3988	java.exe	90
PID 3988 wrote to memory of 2092	3988	java.exe	90

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\apache-commons-compress.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
270e1a0a17d99552fb79e1bbb8237b63

SHA1
f8ac0a48ce453b0bbb9d37e83e7a9cb1d7aca39a

SHA256
f3f5fa88b9dc7ebaad01d86a2e4b5c7e2a28f86595dc437a08b9e5da40dd34d5

SHA512
4b74c4543c2c78e69deffffb42dad203d35f4191dcb9ca7419d6d42334fdc1557104fc212a46d5e4d135e37d8ea4859b8260ddf48a341dbc78ec9778f4b584f8

Download Submit
memory/3988-4-0x0000025757500000-0x0000025758500000-memory.dmp

Filesize
16.0MB

Download
memory/3988-12-0x0000025755CE0000-0x0000025755CE1000-memory.dmp

Filesize
4KB

Download
memory/3988-14-0x0000025757500000-0x0000025758500000-memory.dmp

Filesize
16.0MB

Download