Analysis
-
max time kernel
95s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system -
submitted
23/02/2024, 12:11
Static task
static1
Behavioral task
behavioral1
Sample
lazy-language-loader-0.3.2.jar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
lazy-language-loader-0.3.2.jar
Resource
win10v2004-20240221-en
General
-
Target
lazy-language-loader-0.3.2.jar
-
Size
24KB
-
MD5
fd019656613f8cb6258b2bf315e4043d
-
SHA1
d2f1d635aedbdb304c8c76a9476846e17396522b
-
SHA256
2fdb5168bd72ba3a2c1f3e8cbca63de773a98dfd16066e157b301fd1e050214a
-
SHA512
51f04a5dd41491b82136a4f0c49926694708f1394f44fad679a351965d49a9220442c0ed55ed7bed76c6f7bd10ad86afa8cb436b5726d0ba670b8e191ac5f839
-
SSDEEP
768:IGJGBcqzH+auxglHSTMsZ1f3Ne1291m14f:fJVqzH+fghSYE1fda291F
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid | Process
4916 | icacls.exe
-
Suspicious use of WriteProcessMemory 2 IoCs
description | pid | Process | procid_target
PID 3952 wrote to memory of 4916 | 3952 | java.exe | 87
PID 3952 wrote to memory of 4916 | 3952 | java.exe | 87
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\lazy-language-loader-0.3.2.jar
- Suspicious use of WriteProcessMemory
PID:3952 -
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:4916
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5 4edaa1bb4fe7ec22d4862e05eab72946
SHA1 fd96a41fee624289bed95edf4c218a778113f0a8
SHA256 ad04cc5dc1278c796e326ba6e8cedf68b0736236f672a6b80ad63649f37fa7fb
SHA512 eb672c43c301dd76e0696b8925ce8e7b8f179c37ed506f5595ac840b4cf494b6b902caf43fd331249e24a143be1e0c3e731afda01c833b9ad226c6e76c3ae779