aef51e8fc0523142dd59038c4c74746c0856648f67081206cba26d740db91c69

Analysis

max time kernel
150s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2024, 20:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Bot3.7.jar
Size

610KB
MD5

2a0203c04722cca18c7829e7082e3bbb
SHA1

6bd6054585ab0e4ba961b8685af9a9df556f4f08
SHA256

aef51e8fc0523142dd59038c4c74746c0856648f67081206cba26d740db91c69
SHA512

797344cd9ba8045f0a63ead03a339c726665bbd3a39f12c3b07c5e44b6e51633a0dc0defdaf1ff37977feae5cb4d10c84248be04ebb67d284cf89ac3bec97ff8
SSDEEP

12288:6u551EEB5DX6uI1ylSEAHQ35DIRUamELzy0:6u551EEB5DX6j0liIDFgzy0

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
832	icacls.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3452	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 832	3452	java.exe	82
PID 3452 wrote to memory of 832	3452	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Bot3.7.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
652eb09df8d9e54d66455fb8e7eb41d4

SHA1
3d293ac2ee7ab61796bf2021e2156d5f0d120e29

SHA256
67646bfed2d9a948044816712c3e37ac046a67aa1f8cefb47f2dec76fade79ae

SHA512
8bb036cca995bec62e4bc617e5ab633b685a7f7fd421eaba198be0ae980f29430187d34f79e19c953c0d3bc850b19c78ed9ea7acb47cdec6deffd874b34bb3b4

Download Submit
memory/3452-5-0x000001B1C8A90000-0x000001B1C9A90000-memory.dmp

Filesize
16.0MB

Download
memory/3452-12-0x000001B1C7230000-0x000001B1C7231000-memory.dmp

Filesize
4KB

Download
memory/3452-25-0x000001B1C8A90000-0x000001B1C9A90000-memory.dmp

Filesize
16.0MB

Download
memory/3452-26-0x000001B1C7230000-0x000001B1C7231000-memory.dmp

Filesize
4KB

Download
memory/3452-28-0x000001B1C8A90000-0x000001B1C9A90000-memory.dmp

Filesize
16.0MB

Download
memory/3452-32-0x000001B1C7230000-0x000001B1C7231000-memory.dmp

Filesize
4KB

Download