bd6135f2737dc4798423a23efc80cae6c0d603d869da5b2ba0602a781bd7ad1e

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

724acccdcf01cf2323aa095e6ce59cae.jar
Size

6KB
MD5

724acccdcf01cf2323aa095e6ce59cae
SHA1

4f23dc230b15e394021ac35dcbfa19e3004da36c
SHA256

bd6135f2737dc4798423a23efc80cae6c0d603d869da5b2ba0602a781bd7ad1e
SHA512

233f16f6d2e92e37d86cf807ac998858f1e755a2808c3966a4e9c2f5448684b8c6427cf02b98b354554c40269eb373accb3fd029e34ff9f41c62e722a2a8904c
SSDEEP

96:uyHT+jCQDSn/BQCQNV+Ro9OglLbqY3pdE1evgjlH+ExN+McXJaokgV0+yG//MaUg:T+OQ+/qC7UbqWpdB6DD+vJaNgm70

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3116	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 3116	1056	java.exe	87
PID 1056 wrote to memory of 3116	1056	java.exe	87

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\724acccdcf01cf2323aa095e6ce59cae.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c8966cc8e10dc0c98e2040c06a3ddc3e

SHA1
902b0f7c1f0aeb9ba952b0024b20a406a505b865

SHA256
c70889449b539003f5ccc9e7fc091f9fad5a1942669d974569291836a43a3e4d

SHA512
d475a0017069a375b660df513a22fef6a869a34409fd9450e77dbccae43d3ba977b67827d911081e77f057197df838089ca1f572113d20199e6b94541c8f4525

Download Submit
memory/1056-4-0x0000029B127C0000-0x0000029B137C0000-memory.dmp

Filesize
16.0MB

Download
memory/1056-12-0x0000029B10FF0000-0x0000029B10FF1000-memory.dmp

Filesize
4KB

Download