Analysis
-
max time kernel
68s -
max time network
84s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system -
submitted
02/03/2024, 16:30
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win11-20240221-en
Behavioral task
behavioral2
Sample
Updater.exe
Resource
win11-20240221-en
Behavioral task
behavioral3
Sample
javaws.jar
Resource
win11-20240221-en
General
-
Target
javaws.jar
-
Size
934KB
-
MD5
0ecc963e01f7d51aea3d6c402d72c3f3
-
SHA1
57a3b4965d8bade0e2325905ef7adb9b29e02ea6
-
SHA256
bb6404ed83bd863b74899a40817f72c860c3ac76c8ba315e159e652b38abb521
-
SHA512
4abd39159f8ba162cb46cdcccbe09963f8b618cb4e8ad6518615d66725316384cefd939887099e6011454b3d15bdee0f9ac2b50b11a91e63bfa3bde2cdd76c7e
-
SSDEEP
6144:OnmxSqiwY2amjyA6jwplwJkVG49J2+QdD727QrZxT5IDKAT5J3cAbozG7P9EEPka:XS6jyElY+2jAy9KfN
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid: 2704; Process: icacls.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description: PID 4692 wrote to memory of 2704; pid: 4692; Process: java.exe; procid_target: 82
description: PID 4692 wrote to memory of 2704; pid: 4692; Process: java.exe; procid_target: 82
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\javaws.jar
- Suspicious use of WriteProcessMemory
PID:4692 -
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
- Modifies file permissions
PID:2704
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5
3690434cdf9032dd7d15c8b31f04f5e4
SHA1
dff203169c89327d56177d204b0627991384d8e3
SHA256
3fab9968049edcaad2472de24f3aa0fa3dcf5eff68ba14c31153f221d7a4c258
SHA512
e23eb2e2bd33eadde41d77d045b58a59b048fef294647598ca1088fe39495b3d5ba18faf9c5cd78bbf1a0b8712a4af8992308426eba8c8683fc9e11d9bbdb4cc