d5b2c8c6fcb4f2a85e1f1e5ec3a9d003a8ac61c4768899c163ecabd4d46d1522

Analysis

max time kernel
1182s
max time network
1184s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
13-01-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

essential_1-3-0-1_fabric_1-20-1.jar
Size

50.0MB
MD5

7fddb2de8ec952f578668cab6328e785
SHA1

2660c8b1c3a8ba75d10aaaeac4fb006c050c22ee
SHA256

d5b2c8c6fcb4f2a85e1f1e5ec3a9d003a8ac61c4768899c163ecabd4d46d1522
SHA512

89889a383a9e6df70b9aa4f49e43cd0ad0c22f85fb0e3748dd74e2ca9442e5cae670a458d6169cdb45250fd9873851e9c7704db0bc95e609b575ee93cd90f0ff
SSDEEP

1572864:fMf6Lz8lVaCFrSeMEndsfCroDzDKEy2PW:fMyf8lVtFrI/XW

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2376	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 168 wrote to memory of 2376	168	java.exe	75
PID 168 wrote to memory of 2376	168	java.exe	75

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\essential_1-3-0-1_fabric_1-20-1.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:168
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
56a9b58fd4b65b623eae78290174c685

SHA1
eee299e2433cfe6d6c944d60d17745314b6f6060

SHA256
98569df6dcf2cba40c107e0faa9dcbe13d448c9a4ad85b142fd91181ea6f565c

SHA512
bf61feeb610835ef4f03986aefadd21853275ce7ed75ddba2e8d1aadfc8f5222cb045c2bdaad2d4adc311edeec195e0d9e0adbe0bac7410a80d7612aa2f4fac6

Download Submit
memory/168-4-0x000001E81E310000-0x000001E81F310000-memory.dmp

Filesize
16.0MB

Download
memory/168-12-0x000001E81CA30000-0x000001E81CA31000-memory.dmp

Filesize
4KB

Download
memory/168-13-0x000001E81E310000-0x000001E81F310000-memory.dmp

Filesize
16.0MB

Download