67172903baaafb492ca16f0cb9021df956447c198167e9d62a9faa6de72ad62d

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79def4107c06d12d623414432e9cf56a.jar
Size

6.3MB
MD5

79def4107c06d12d623414432e9cf56a
SHA1

35603b074d945c3769872abb2c3821a05c31c584
SHA256

67172903baaafb492ca16f0cb9021df956447c198167e9d62a9faa6de72ad62d
SHA512

c1d3c5e63a56722424d63f28e63aa22a4e5c26bc78bef4503a0b5249f868f646868402d0a5449f2cd570775d79e6fd9d75cf19d597d399fd473c4fb45fea6dec
SSDEEP

98304:d6jbLcd4wJPqTePG+zWNt6jbLcd4wJPqTePG+zWNl:kjbLcWyiTebvjbLcWyiTebK

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3940	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 3940	2620	java.exe	87
PID 2620 wrote to memory of 3940	2620	java.exe	87

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\79def4107c06d12d623414432e9cf56a.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9b75d836dab043c250cdd6fd385fb921

SHA1
2749b0a3cc41c6a3e954a48932d535cb65d71a5a

SHA256
244f28cc9aa48fadb7e3ea9f36723515b22227531f9c9d54734bef40c68d8e16

SHA512
19008ebfbf3d61979d12d50583baf93c4c5bff5220fafe7a988af2f817074e08466e95bff070ead107f41fdd02e78b381e69ad807cf5840e76e49edbf9a80046

Download Submit
memory/2620-4-0x000001552DB00000-0x000001552EB00000-memory.dmp

Filesize
16.0MB

Download
memory/2620-11-0x000001552DAE0000-0x000001552DAE1000-memory.dmp

Filesize
4KB

Download