Analysis

  • max time kernel
    25s
  • max time network
    30s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2024, 18:54

General

  • Target

    Setup_v_43.3.exe

  • Size

    108KB

  • MD5

    d827cf4f08d8e932f67bdb8bde5f92cf

  • SHA1

    771f875fb10090e2ab2537d8787bb3d1a4fb7b8b

  • SHA256

    33871c084b06e67d2fb8cc19c672ed27ce604c17ec8519bc44c85a2b1765475e

  • SHA512

    e2692fd15974db7cc459c8d2755268d39bb2d819858ac30c42d986284f553cd0e07926434c6550a43e9bc108b1cc35b1cf7e813adbfd885c1ef5a9e028d4abe0

  • SSDEEP

    768:F7Zw33FNUf6Nhd/fQ1l+0vM0iT9vIS1Kadjp3S0VYcFodSzSZ27lftcE2ryRIoM0:VZ2FWSNhd/4131iWS1Kax9SxcvqMrIri

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_v_43.3.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_v_43.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3720
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3916
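
The only concrete behaviour in the tree is the icacls invocation by PID 3916: javaw.exe grants Everyone Modify on C:\ProgramData\Oracle\Java\.oracle_jre_usage with (OI)(CI), so every file and subfolder created there inherits a world-writable ACE. A caveat for triage: that directory and the 46-byte .timestamp file under Downloads are written by the Oracle JRE's usage tracker on first launch, so the grant by itself is not proof of malicious intent; what matters is whether the same pattern shows up on paths an attacker would want writable. The script below is an added example, not part of the report or of the analysed sample: it parses icacls /grant command lines of the form seen above and flags grants that give a broad principal (Everyone, Users, Authenticated Users) write-level rights. The sample command lines are constructed for the example; the first is the PID 3916 line from this report, the rest are made-up controls.

```python
"""Flag over-broad icacls /grant ACEs in process command lines from a sandbox report.

Added example (not part of the report): parses icacls invocations as they appear
in a process tree and flags grants that give Everyone/Users write-level rights,
optionally with (OI)(CI) inheritance as in the PID 3916 command line.
"""
import re

# A token is a run of non-space text; double-quoted segments may sit inside it,
# because icacls is commonly invoked as "everyone":(OI)(CI)M.
_TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')
_PAREN_RE = re.compile(r'\(([^)]*)\)')

INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}        # icacls inheritance flags
WRITE_RIGHTS = {"F", "M", "W", "D"}                  # simple rights that allow modification
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users"}  # well-known groups


def tokenize(cmdline):
    """Split a command line on whitespace, keeping quoted segments attached."""
    return [t.replace('"', "") for t in _TOKEN_RE.findall(cmdline)]


def parse_ace(spec):
    """Split '(OI)(CI)M' or '(OI)(CI)(R,W)' into (inherit_flags, rights)."""
    flags, rights = set(), set()
    for group in _PAREN_RE.findall(spec):
        for part in group.split(","):
            part = part.strip().upper()
            if part in INHERIT_FLAGS:
                flags.add(part)
            elif part:
                rights.add(part)
    bare = _PAREN_RE.sub("", spec).strip().upper()  # rights written without parens
    if bare:
        rights.add(bare)
    return flags, rights


def parse_icacls_grants(cmdline):
    """Return one dict per Sid:perm pair following /grant or /grant:r; [] if not icacls."""
    toks = tokenize(cmdline)
    if len(toks) < 2:
        return []
    exe = re.split(r"[\\/]", toks[0])[-1].lower()
    if exe not in ("icacls", "icacls.exe"):
        return []
    target = toks[1]
    grants = []
    i = 2
    while i < len(toks):
        if toks[i].lower() in ("/grant", "/grant:r"):
            i += 1
            # Several Sid:perm pairs may follow a single /grant switch.
            while i < len(toks) and not toks[i].startswith("/"):
                principal, _, spec = toks[i].partition(":")
                flags, rights = parse_ace(spec)
                grants.append({
                    "target": target,
                    "principal": principal,
                    "inherit": sorted(flags),
                    "rights": sorted(rights),
                })
                i += 1
        else:
            i += 1
    return grants


def is_broad_grant(grant):
    """True when a well-known broad group receives a right that permits writing."""
    principal = grant["principal"].lower().split("\\")[-1]  # drop BUILTIN\ etc.
    return principal in BROAD_PRINCIPALS and bool(WRITE_RIGHTS & set(grant["rights"]))


def scan_cmdlines(cmdlines):
    """Return every broad grant found across a list of process command lines."""
    return [g for line in cmdlines for g in parse_icacls_grants(line) if is_broad_grant(g)]


# Constructed sample input: the first line is the PID 3916 command line from the
# report above; the other three are made-up controls (benign grant, broad grant
# via /grant:r on a hypothetical C:\Tools path, and a non-icacls process).
SAMPLE_CMDLINES = [
    r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M',
    r'icacls.exe C:\Users\Admin\Documents\notes.txt /grant Admin:(R)',
    r'C:\Windows\system32\icacls.exe C:\Tools /grant:r BUILTIN\Users:(OI)(CI)(F)',
    r'C:\Windows\system32\cmd.exe /c whoami',
]

if __name__ == "__main__":
    for f in scan_cmdlines(SAMPLE_CMDLINES):
        print(f"broad grant: {f['principal']} gets {','.join(f['rights'])} "
              f"on {f['target']} inherit={''.join(f['inherit']) or '-'}")
```

Run against a whole process tree, the scanner reports the PID 3916 line and the constructed BUILTIN\Users line and ignores the read-only grant. To separate the JRE usage-tracker case from a real persistence or privilege-escalation setup, key the alert on the target path (anything under Program Files, System32, or a service binary directory) rather than on the presence of icacls alone.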

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

          Filesize

          46B

          MD5

          dffe1e5285db31a952ddd0f0b886c73c

          SHA1

          80c2719af0d5361f359d79ae5e21cc49322db813

          SHA256

          fa99e83d620380efcc8112bd135b899b1baaee0f297862268ddf96160f54e342

          SHA512

          a5ee6d8cb6e77a78308ac6aef3aa384a92a64907b2f0f32d2aa414e0f0f53e7f41855cefae92f7e622b4f624fa83e9fcd5d5ffd5b3d8049d084421a6d05c881a

        • memory/1876-0-0x0000000000400000-0x0000000000425000-memory.dmp

          Filesize

          148KB

        • memory/3720-3-0x0000012143170000-0x0000012144170000-memory.dmp

          Filesize

          16.0MB

        • memory/3720-14-0x0000012143150000-0x0000012143151000-memory.dmp

          Filesize

          4KB