Overview

overview

7

Static

static

1

bin.jar

windows11-21h2-x64

7

Analysis

  • max time kernel
    55s
  • max time network
    57s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/02/2024, 15:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bin.jar

  • Size

    618KB

  • MD5

    66373731edf5d006b249d0db35079c08

  • SHA1

    954720afc8408f54458a7fc7e33594214e0d39b4

  • SHA256

    639c2525c4c08e51da5f927bcb430dbab8e34fe3566227690769093950bc5d01

  • SHA512

    65cffa5d612d1de965a605b1887adbf0cf6853c3bd6971fda7589290cf2b52cd1d7e73e05925a8557c383b33277b0e340522170f07a1532bfcf3fa382b4a7369

  • SSDEEP

    12288:PofQ2VHlYr6l9EJ3yjtvJcN7mavV2gJ6K23XL7kNA99+hE0Z7g:AfQSFYr6l6J0CNkgRsXHqtA

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\bin.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:224
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:2128
    • C:\Windows\System32\oobe\UserOOBEBroker.exe
      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      PID:1080
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
        PID:4916

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
              Filesize

              46B

              MD5

              f94da63cbf313dfadf435e681b762291

              SHA1

              66f9d935d5646a5a3a4fcc99b873edb739f8e3fe

              SHA256

              ffecf317fb7a4768535ff5336e4eb3e900b943567ad214b13d3d267d2ed24d8c

              SHA512

              8eb587756601aebfcb1919e680588ae54c5bd05031d98b4f69bd2ba5cb5a3fabb1fb41a6b58808a68ee7b991341744d35f181b70b57d4506a21102fcdce61a96

              Download Submit

            • memory/3632-4-0x0000023301410000-0x0000023302410000-memory.dmp

              Filesize

              16.0MB

              Download

            • memory/3632-12-0x000002337FBF0000-0x000002337FBF1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3632-14-0x0000023301410000-0x0000023302410000-memory.dmp

              Filesize

              16.0MB

              Download