Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2024, 19:53

General

  • Target

    libraries/com/paulscode/codecjorbis/20101023/codecjorbis-20101023.jar

  • Size

    101KB

  • MD5

    0d622e2ac4368b5a33d540a9e4819e0c

  • SHA1

    c73b5636faf089d9f00e8732a829577de25237ee

  • SHA256

    6c4b4e50e608763564afa1bde2d25ece9dd715e7c9129540faa1faded4896506

  • SHA512

    304b55520c48d574cb046efa45687000b640937ea86119b81c152bfb192aded3de61b993bb83275e21efa4cf0f50efd3025d030b18dc1a0f53fed1dcdcb151f9

  • SSDEEP

    1536:WD3fa3ic1NIqIZ8CYAEsNMFpdui0VH3Bq61a4D3r1j/mOQu6+5Gy+gvocWbRtaM5:OcsqLCvmLuvNRq61aal/mPuV5VxvAWF8

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\libraries\com\paulscode\codecjorbis\20101023\codecjorbis-20101023.jar
    (process tree depth 1)
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      (process tree depth 2, child of PID 4064)
      • Modifies file permissions
      PID:3708

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

          Filesize

          46B

          MD5

          82cb1eb387e9b3abb212ba4237b7007a

          SHA1

          68b9c5c28c5325e574ffca7b08b25585a99c8390

          SHA256

          f9b6f9844e5fc105a1b29828b1809d4ba26ca738e29ef35fe4b0cb6be12b2723

          SHA512

          aef6af4fac311fdef2e528a4b4926a4126be257b7cbae6fd038de5c312b21f98558c5d669f588a01846ec8c9f8f656b5507084601df14a9dd4a6bd1035ed75ab

        • memory/4064-4-0x0000017D81410000-0x0000017D82410000-memory.dmp

          Filesize

          16.0MB

        • memory/4064-12-0x0000017DFF820000-0x0000017DFF821000-memory.dmp

          Filesize

          4KB