14b04e1a89c0c409142abb783b4fc06292ea4cd995d9873a1f528e82c1088ee7

Analysis

max time kernel
314s
max time network
1591s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
24-02-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adobe-photoshop-cs6-update.jar
Size

26.1MB
MD5

64c6a5ce377639f49f7735644eadff37
SHA1

9ee3a1998c98cd6f67019d07f5bcdc445b896520
SHA256

14b04e1a89c0c409142abb783b4fc06292ea4cd995d9873a1f528e82c1088ee7
SHA512

284c344d5193f496a739c0ae0c1a6369e12419d3691f1f75ad8c8665612d621b65821a76757edae234be093ceb38a40631d420cae302078d55d6ecd65eaaca2c
SSDEEP

786432:rNKHilLbvPuT8TbesnpqGRClxbckAuhaPD858N3wCw2kKd:ZhJu4neNxxvqN3O2

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3432	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 3432	1496	java.exe	74
PID 1496 wrote to memory of 3432	1496	java.exe	74

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\adobe-photoshop-cs6-update.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
0ed5af863fe2654eadbb36a5c55e0668

SHA1
63ef0d5daf1709da9f5b0478fb777348e0b1b84f

SHA256
ff0b2b6969083caa1f177f0e3523876be5f9454eea0eee0944aeb285e6f5c69c

SHA512
2d4feebd67f479e9270301176a63e4a3243a47223248d1ae962454387c7020e6bed987f02a1363bf58783a04b3a734e9d5db5ab231bd53c562ccf488f3a3a907

Download Submit
memory/1496-4-0x000001AF825A0000-0x000001AF835A0000-memory.dmp

Filesize
16.0MB

Download
memory/1496-12-0x000001AF82580000-0x000001AF82581000-memory.dmp

Filesize
4KB

Download