Analysis
-
max time kernel
143s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
01-03-2024 05:15
Behavioral task
behavioral1
Sample
8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483.jar
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483.jar
Resource
win10v2004-20240226-en
General
-
Target
8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483.jar
-
Size
209KB
-
MD5
288df8ebedd13b531e74c5f9ce730b2c
-
SHA1
5560f86aa3370b500a71837494da09ba7ba35516
-
SHA256
8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483
-
SHA512
d017ebfdff1765759a66006785ed51024ef14b615090368aaff2c92e4b2bfcdc25e41ee3f146eecb51b724b50b7e5ec6d10584cea427e1a34bf6a86ff293364d
-
SSDEEP
6144:qEw8tJIH//nRBnmszyNRJAVdjifpuHPqVmyKd:qE5t6XbmsCudjifyeKd
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
-
Drops file in Program Files directory 12 IoCs
Processes:
java.exedescription ioc process File opened for modification C:\Program Files\Java\jre-1.8\bin\ntdll.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jvm.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb java.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb java.exe -
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
java.exedescription pid process target process PID 1896 wrote to memory of 4976 1896 java.exe icacls.exe PID 1896 wrote to memory of 4976 1896 java.exe icacls.exe
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483.jar1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestampFilesize
46B
MD510c9a645997d58f470c4fec16eebbd9f
SHA19e7fa5d81a0ba97fb658c3a125beb0fcf63f5f35
SHA256e6f2aaa2f242d7afcac589d6363627b621e38c1aa43b6862dca211d29ac919cd
SHA5126d314627ef0209ab3b1a348115cf279d6a03f441948fb4d86f842c1e5ed908aa3d1d5856295e4be75b215acaab3ba5a7bfd48225646661370ffebc67b4e80798
-
memory/1896-2-0x0000014895690000-0x0000014896690000-memory.dmpFilesize
16.0MB
-
memory/1896-12-0x0000014894020000-0x0000014894021000-memory.dmpFilesize
4KB