Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2024, 19:53

General

  • Target

    libraries/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar

  • Size

    60KB

  • MD5

    92eb5aabc1b47287de53d45c086a435c

  • SHA1

    f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f

  • SHA256

    70903f6fc82e9908c8da9f20443f61d90f0870a312642991fe8462a0b9391784

  • SHA512

    e5d1fc8ec4544e1fa0f7c4aae8dbcca466c4987bc92fbbc430b054b10d646b745add4a754b1be9d50edd64330c798c53173a97289db57a966312e16f934e9d1f

  • SSDEEP

    768:Oirgim03eHcOSlWmuvjpNToHSQfWZy2VDfEXsHtprlPox2u+nA5q5ddrSxw3qKrg:Xtmjc+TbT4SKQ5VD7Zi2u+niSddrtvrg

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\libraries\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar
    Process tree level 1
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      Process tree level 2
      • Modifies file permissions
      PID:976

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

          Filesize

          46B

          MD5

          1f5014cdbd992ac8653dedee2d4a4f07

          SHA1

          980b51454a5c4790e6fce40fc93b71129822f368

          SHA256

          24fdde59000c6bc1d2e11a850e15e18636c928a10d9ec8197e44e0b0109788f2

          SHA512

          d7411fb157c6fa5865087b94ed4616b4a8aad4070a3784b573c04d07536f67aeec5e1a606542a07ac636995265b45d236b105a594ebe8f312db17bc4b8dabf3d

        • memory/1628-4-0x000001F980000000-0x000001F981000000-memory.dmp

          Filesize

          16.0MB

        • memory/1628-11-0x000001F9F0F60000-0x000001F9F0F61000-memory.dmp

          Filesize

          4KB