Analysis
-
max time kernel
142s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
27/01/2024, 09:25
Static task
static1
Behavioral task
behavioral1
Sample
79def4107c06d12d623414432e9cf56a.jar
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
79def4107c06d12d623414432e9cf56a.jar
Resource
win10v2004-20231215-en
General
-
Target
79def4107c06d12d623414432e9cf56a.jar
-
Size
6.3MB
-
MD5
79def4107c06d12d623414432e9cf56a
-
SHA1
35603b074d945c3769872abb2c3821a05c31c584
-
SHA256
67172903baaafb492ca16f0cb9021df956447c198167e9d62a9faa6de72ad62d
-
SHA512
c1d3c5e63a56722424d63f28e63aa22a4e5c26bc78bef4503a0b5249f868f646868402d0a5449f2cd570775d79e6fd9d75cf19d597d399fd473c4fb45fea6dec
-
SSDEEP
98304:d6jbLcd4wJPqTePG+zWNt6jbLcd4wJPqTePG+zWNl:kjbLcWyiTebvjbLcWyiTebK
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid   Process
3940  icacls.exe
-
Suspicious use of WriteProcessMemory 2 IoCs
description                       pid   Process   procid_target
PID 2620 wrote to memory of 3940  2620  java.exe  87
PID 2620 wrote to memory of 3940  2620  java.exe  87
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\79def4107c06d12d623414432e9cf56a.jar
- Suspicious use of WriteProcessMemory
PID:2620 -
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:3940
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5 9b75d836dab043c250cdd6fd385fb921
SHA1 2749b0a3cc41c6a3e954a48932d535cb65d71a5a
SHA256 244f28cc9aa48fadb7e3ea9f36723515b22227531f9c9d54734bef40c68d8e16
SHA512 19008ebfbf3d61979d12d50583baf93c4c5bff5220fafe7a988af2f817074e08466e95bff070ead107f41fdd02e78b381e69ad807cf5840e76e49edbf9a80046