82377f38aa1d3bd0989c66292eaf467b0912d16c18f76e79b201640cc9f519ca

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b227cc81bae5fbe74537e84b2a57c5761a63b0b6bf26f84c305e56c2c4255ca.jar
Size

209KB
MD5

82ddfae819b4cb46144b03c2d68377fb
SHA1

49d56b3c003c095d746c1fe3500dd06f4eacb704
SHA256

6b227cc81bae5fbe74537e84b2a57c5761a63b0b6bf26f84c305e56c2c4255ca
SHA512

ffb16eda0f7e103bec6fff763b98d7f66ef4b50391c5b8e3baeb1a68c6f03d79f7741100be1064bc16fb2e196ee22b4a2986cbc5e04f47826f7a572e9d758957
SSDEEP

6144:0sC8dJ2Hf/ljpxyAzy7RpUV7ly1TuVPYVmyKg:0sbdo3j0Aci7ly1mIKg

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2116	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2116	2132	java.exe	85
PID 2132 wrote to memory of 2116	2132	java.exe	85

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\6b227cc81bae5fbe74537e84b2a57c5761a63b0b6bf26f84c305e56c2c4255ca.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6cac64cf6eec5bd7b3b1018c04187b6f

SHA1
92386c19109e2aa409b246c46d61820495e57696

SHA256
2487e13eb0d4ac0988b82247ef334b2b98eb32683610dd9c8310d9920cf9929c

SHA512
92db20dd45ca1a9c4726aeb43a449d27b1547b9f36200bd8dd6092295ebd77a417a98427628abf9f01e2a3e6eda7be61fc452a963368c3eb34ea90e351774cc7

Download Submit
memory/2132-36-0x000001FBB9350000-0x000001FBB9360000-memory.dmp

Filesize
64KB

Download
memory/2132-39-0x000001FBB9360000-0x000001FBB9370000-memory.dmp

Filesize
64KB

Download
memory/2132-16-0x000001FBB7870000-0x000001FBB7871000-memory.dmp

Filesize
4KB

Download
memory/2132-22-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download
memory/2132-30-0x000001FBB7870000-0x000001FBB7871000-memory.dmp

Filesize
4KB

Download
memory/2132-32-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download
memory/2132-15-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download
memory/2132-37-0x000001FBB9390000-0x000001FBB93A0000-memory.dmp

Filesize
64KB

Download
memory/2132-35-0x000001FBB9310000-0x000001FBB9320000-memory.dmp

Filesize
64KB

Download
memory/2132-38-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download
memory/2132-4-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download
memory/2132-40-0x000001FBB9370000-0x000001FBB9380000-memory.dmp

Filesize
64KB

Download
memory/2132-41-0x000001FBB93A0000-0x000001FBB93B0000-memory.dmp

Filesize
64KB

Download
memory/2132-42-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download
memory/2132-43-0x000001FBB9090000-0x000001FBBA090000-memory.dmp

Filesize
16.0MB

Download