9f000e49c75142dd94ed9688dea77505afd31642bc9e953a69a5d2863156b0e0

Analysis

max time kernel
140s
max time network
162s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2024, 10:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

lib/asm-all.jar
Size

241KB
MD5

f5ad16c7f0338b541978b0430d51dc83
SHA1

2ea49e08b876bbd33e0a7ce75c8f371d29e1f10a
SHA256

7fbffbc1db3422e2101689fd88df8384b15817b52b9b2b267b9f6d2511dc198d
SHA512

82e6749f4a6956f5b8dd5a5596ca170a1b7ff4e551714b56a293e6b8c7b092cbec2bec9dc0d9503404deb8f175cbb1ded2e856c6bc829411c8ed311c1861336a
SSDEEP

6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
996	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 996	3172	java.exe	82
PID 3172 wrote to memory of 996	3172	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\lib\asm-all.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
40ac3947ee382bec335d27acc8d4b8fe

SHA1
3bb5892670080196311e89d5b9541e9004a12a5f

SHA256
eb0795ef329ecd360496199dd3a46bd90170e8793692e9061c0c613f7a135af8

SHA512
b22064d8194b389a378390919198d89185622c3667cc5d03b46eb3c0aa1c14c5d44e867d5ef85b9f11824c6e1cbd623c6fa9277ae93397dc179846d6f7a72521

Download Submit
memory/3172-8-0x000002588C6B0000-0x000002588D6B0000-memory.dmp

Filesize
16.0MB

Download
memory/3172-12-0x000002588ADE0000-0x000002588ADE1000-memory.dmp

Filesize
4KB

Download