26409557fae189649d0979f398b455c1c5ca4399519ece1c4133db745c207fe3

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67803465783202172024.PDF.jar
Size

222KB
MD5

169327613f58d6f672b61baa0b1e62a7
SHA1

677b3834020234903eac5266a43737a445070191
SHA256

81c4d89e77524faab2fd20e4fc2ebeec3af8c0bebfe598847c0d1afbd0245e5e
SHA512

8263c399e1b95393063ae2ba548efa3c0d556e747fb85f058756d9e331889aa94c710eec50322bdf8b5887b9f89e96a91efd4e061e267349eb19d9e297f99e79
SSDEEP

6144:WvVDmmNNp7JoEJ1zp9i9c5uPpKt9GXB7axe:WDPRT1F9Cc5uO9GR7aM

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1292 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 3048 wrote to memory of 1292 3048 java.exe icacls.exe
PID 3048 wrote to memory of 1292 3048 java.exe icacls.exe

pid	process
1292	icacls.exe

description	pid	process	target process
PID 3048 wrote to memory of 1292	3048	java.exe	icacls.exe
PID 3048 wrote to memory of 1292	3048	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\67803465783202172024.PDF.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3048

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
a4ee65c1d228c86cb8947e717cfefb9d

SHA1
798455915341f7a6d3c141d259d4371953ddbc62

SHA256
4a6b622867eab4dec62b3aa9e1eb87feca488b46aec9eb520bfe51ff38c8d2a9

SHA512
7a34867ff69316bb912a3e5b9f1c181e37fb9e6e3b75e516cb60a4a7a0ae050c1e2d4e593bbd97fff9b45b0bf938e99b0fe20e8659603e6aad5f775e6a3f8b36

Download Submit
memory/3048-45-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-42-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-20-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-25-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-49-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-37-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-17-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-4-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-29-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-53-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-65-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-66-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-79-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-89-0x0000020811C60000-0x0000020811C61000-memory.dmp

Filesize
4KB

Download
memory/3048-121-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download
memory/3048-128-0x0000020811C80000-0x0000020812C80000-memory.dmp

Filesize
16.0MB

Download