Analysis

  • max time kernel
    90s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2024, 19:53

General

  • Target

    libraries/com/paulscode/codecwav/20101023/codecwav-20101023.jar

  • Size

    5KB

  • MD5

    f6a93b7eb8083e4ced92e7e253657057

  • SHA1

    12f031cfe88fef5c1dd36c563c0a3a69bd7261da

  • SHA256

    bb7d17b340afe6abdfbfdaa03683bce4aef39a64887dbab0636eaff3cf2d59ba

  • SHA512

    994af7ab19036542162d75a94dad4c7645f60626879f715d308966b8a018c84474cfcac28e2555f4a6e7a925bc919c54da276e2ee45bad2eb512ca1abeb7a2ed

  • SSDEEP

    96:u266mpym+KSA1ET69IjWVVWSa0OQDBrDkO2l/7FOn1fQL2MGyZ+7VoRXQn5bfyp:u266mTCjavWPbQDBrUDFOn1frcZ+xoRn

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 2360)
    Command line: java -jar C:\Users\Admin\AppData\Local\Temp\libraries\com\paulscode\codecwav\20101023\codecwav-20101023.jar
    • Suspicious use of WriteProcessMemory
    • Child: C:\Windows\system32\icacls.exe (PID 3036)
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      • Modifies file permissions

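The only permission change in this run is `icacls.exe ... /grant "everyone":(OI)(CI)M` on `C:\ProgramData\Oracle\Java\.oracle_jre_usage`, i.e. the Everyone group gets Modify rights on that one directory, inherited by its files (OI) and subfolders (CI). The Oracle JRE on Windows sets exactly this ACL on its own usage-tracker directory, and the same java.exe -> icacls.exe child shows up in sandbox runs of benign JARs, so the "Modifies file permissions" signature (ATT&CK T1222.001) needs a target-aware check before it counts against the sample. The following triage helper is an added example, not part of the sandbox report or of any vendor's detection logic: it tokenises the icacls command lines from the process tree, pulls out the target path and each `/grant` principal and permission string, and separates the known JRE call from a broad grant on anything else. The event records are constructed from the process list on this page plus one invented suspicious variant (PID 4100); the field names and the list of "broad" principals are assumptions.

```python
"""Classify icacls.exe launches from a sandbox process tree.

Added example (not the report's own code). Events are constructed to mirror
the process list on this page; field names are assumptions.
"""
import re
from dataclasses import dataclass

# Directory the Oracle JRE usage tracker owns; the Modify grant to Everyone on
# it is standard JRE behaviour and a frequent sandbox false positive.
JRE_USAGE_DIR = r"c:\programdata\oracle\java\.oracle_jre_usage"
JRE_USAGE_PERMS = "(OI)(CI)M"
TECHNIQUE = "T1222.001"  # ATT&CK: Windows File and Directory Permissions Modification

# Principals that make a grant "broad" (assumed list; names and well-known SIDs).
BROAD_PRINCIPALS = {"everyone", "*s-1-1-0", "users", "builtin\\users",
                    "authenticated users", "*s-1-5-11"}

# A token is a run of non-space text in which quoted segments may appear, so
# "everyone":(OI)(CI)M stays one token.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')

# Constructed process-creation events: the two from the report plus one
# invented suspicious child (PID 4100) to show the other branch.
EVENTS = [
    {"pid": 2360, "ppid": None,
     "image": r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
     "cmdline": r"java -jar C:\Users\Admin\AppData\Local\Temp\libraries\com\paulscode\codecwav\20101023\codecwav-20101023.jar"},
    {"pid": 3036, "ppid": 2360,
     "image": r"C:\Windows\system32\icacls.exe",
     "cmdline": r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'},
    {"pid": 4100, "ppid": 2360,  # constructed, not in the report
     "image": r"C:\Windows\system32\icacls.exe",
     "cmdline": r"icacls.exe C:\Windows\System32\drivers /grant everyone:F /T"},
]


@dataclass
class Verdict:
    pid: int
    level: str      # "benign" | "suspicious" | "info"
    reason: str
    target: str = ""
    principal: str = ""
    perms: str = ""
    technique: str = TECHNIQUE


def parse_icacls(cmdline):
    """Return (target, [(principal, perms), ...], recursive) or None if not icacls."""
    toks = [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]
    if not toks:
        return None
    exe = toks[0].lower()
    if not (exe.endswith("icacls.exe") or exe.endswith("icacls")):
        return None
    # First positional argument is the path whose ACL is being changed.
    target = toks[1] if len(toks) > 1 and not toks[1].startswith("/") else ""
    grants = []
    for i, t in enumerate(toks):
        # Covers /grant and /grant:r; the next token is principal:perms.
        if t.lower().startswith("/grant") and i + 1 < len(toks):
            principal, _, perms = toks[i + 1].partition(":")
            grants.append((principal, perms))
    recursive = any(t.lower() == "/t" for t in toks)
    return target, grants, recursive


def classify(event, by_pid):
    parsed = parse_icacls(event["cmdline"])
    if parsed is None:
        return Verdict(event["pid"], "info", "not an icacls invocation")
    target, grants, recursive = parsed
    parent = by_pid.get(event["ppid"])
    parent_is_java = parent is not None and parent["image"].lower().endswith("\\java.exe")
    for principal, perms in grants:
        if principal.lower() not in BROAD_PRINCIPALS:
            continue
        jre_call = (parent_is_java
                    and target.lower().rstrip("\\") == JRE_USAGE_DIR
                    and perms.upper() == JRE_USAGE_PERMS
                    and not recursive)
        if jre_call:
            return Verdict(event["pid"], "benign",
                           "Oracle JRE usage-tracker ACL (known-benign)",
                           target, principal, perms)
        return Verdict(event["pid"], "suspicious",
                       f"broad grant {principal}:{perms} on {target}"
                       + (" (recursive)" if recursive else ""),
                       target, principal, perms)
    return Verdict(event["pid"], "info", "no grant to a broad principal", target)


def triage(events):
    """Map PID -> Verdict for every icacls.exe process in the tree."""
    by_pid = {e["pid"]: e for e in events}
    return {e["pid"]: classify(e, by_pid) for e in events
            if e["image"].lower().endswith("\\icacls.exe")}


if __name__ == "__main__":
    for pid, v in triage(EVENTS).items():
        print(pid, v.level, v.reason)
```

Run against the report's two processes the helper marks PID 3036 as the known JRE call and ignores java.exe itself; the constructed PID 4100 (Everyone:F on a system directory, recursive) is what the signature should actually be reserved for. The whitelist deliberately checks parent image, exact target, exact permission string and absence of `/T` together, so a sample that reuses the JRE directory name but widens the grant still trips it.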
Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

          Filesize

          46B

          MD5

          78c9f9734090b7cc27ac4409d6b980ae

          SHA1

          ccff4678b3958edf70747ccf6e4105bf8ecd2215

          SHA256

          3a06719397988caadb18e808deca3bc0b1e0a4d4936f898a4d3f6d2444439671

          SHA512

          144330c82b26056e6e7f1c8d7fa656f8d75fd3c19caf962acfeabde5de284739136e462a1d5200e2a72321f8f3ca83f491ae1b1cab12cded412d894d2315a8bb

        • memory/2360-4-0x000001CC09EE0000-0x000001CC0AEE0000-memory.dmp

          Filesize

          16.0MB

        • memory/2360-11-0x000001CC086B0000-0x000001CC086B1000-memory.dmp

          Filesize

          4KB