59ec302ae2e1ce1d95a445986737455f84961c2287a7b4fc381b601442fb18f2

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73b16707becb49081784b85180af8fe6.jar
Size

104KB
MD5

73b16707becb49081784b85180af8fe6
SHA1

4e69a183a5ec727a675efe11910e7a1257887bbd
SHA256

59ec302ae2e1ce1d95a445986737455f84961c2287a7b4fc381b601442fb18f2
SHA512

50aade2433198ea62483bb6ce0b74c9d8060a11d94c441bcd9c58a48551222e57be228cb422e86c485bc5b56e6857450d4799e8bc837cc07dfc34de471b892b0
SSDEEP

1536:a2ekI6k+IGOJ7hMjdNZSFd/H7Fjk8DdE/AbF9mq5RNP3KolPWmP/fZREB4Ajuzt7:aJk/hP27+/cF48Dj7mqLZQmP/fZRZzl

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1012	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1012	4472	java.exe	89
PID 4472 wrote to memory of 1012	4472	java.exe	89

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\73b16707becb49081784b85180af8fe6.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4472-2-0x000001BCB9650000-0x000001BCBA650000-memory.dmp

Filesize
16.0MB

Download
memory/4472-11-0x000001BCB7DF0000-0x000001BCB7DF1000-memory.dmp

Filesize
4KB

Download
memory/4472-18-0x000001BCB9650000-0x000001BCBA650000-memory.dmp

Filesize
16.0MB

Download
memory/4472-27-0x000001BCB9650000-0x000001BCBA650000-memory.dmp

Filesize
16.0MB

Download
memory/4472-29-0x000001BCB7DF0000-0x000001BCB7DF1000-memory.dmp

Filesize
4KB

Download
memory/4472-38-0x000001BCB9650000-0x000001BCBA650000-memory.dmp

Filesize
16.0MB

Download
memory/4472-47-0x000001BCB9650000-0x000001BCBA650000-memory.dmp

Filesize
16.0MB

Download
memory/4472-56-0x000001BCB9650000-0x000001BCBA650000-memory.dmp

Filesize
16.0MB

Download
memory/4472-55-0x000001BCB7DF0000-0x000001BCB7DF1000-memory.dmp

Filesize
4KB

Download
memory/4472-57-0x000001BCB7DF0000-0x000001BCB7DF1000-memory.dmp

Filesize
4KB

Download
memory/4472-64-0x000001BCB7DF0000-0x000001BCB7DF1000-memory.dmp

Filesize
4KB

Download
memory/4472-151-0x000001BCB9A20000-0x000001BCB9A30000-memory.dmp

Filesize
64KB

Download