Overview

overview

7

Static

static

3

Adobe/de.ps1

windows11-21h2-x64

1

App Setup.exe

windows11-21h2-x64

7

$PLUGINSDI...er.dll

windows11-21h2-x64

1

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ll.dll

windows11-21h2-x64

3

InstaIIer.exe

windows11-21h2-x64

1

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...7z.dll

windows11-21h2-x64

3

$R0/Uninst...er.exe

windows11-21h2-x64

7

d3dcompiler_47.dll

windows11-21h2-x64

1

lib/asm-all.jar

windows11-21h2-x64

7

lib/dn-com...le.jar

windows11-21h2-x64

7

lib/dn-php-sdk.jar

windows11-21h2-x64

7

lib/gson.jar

windows11-21h2-x64

7

lib/jfoenix.jar

windows11-21h2-x64

7

lib/jphp-a...rk.jar

windows11-21h2-x64

7

lib/jphp-core.jar

windows11-21h2-x64

7

lib/jphp-d...xt.jar

windows11-21h2-x64

7

lib/jphp-gui-ext.jar

windows11-21h2-x64

7

lib/jphp-g...xt.jar

windows11-21h2-x64

7

lib/jphp-json-ext.jar

windows11-21h2-x64

7

lib/jphp-j...xt.jar

windows11-21h2-x64

7

lib/jphp-runtime.jar

windows11-21h2-x64

7

lib/jphp-xml-ext.jar

windows11-21h2-x64

7

lib/jphp-zend-ext.jar

windows11-21h2-x64

7

lib/jphp-zip-ext.jar

windows11-21h2-x64

7

lib/jsoup.jar

windows11-21h2-x64

7

lib/slf4j-api.jar

windows11-21h2-x64

7

lib/slf4j-simple.jar

windows11-21h2-x64

7

lib/zt-zip.jar

windows11-21h2-x64

7

libG1LESv2.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/03/2024, 10:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/jphp-app-framework.jar

  • Size

    103KB

  • MD5

    0c8768cdeb3e894798f80465e0219c05

  • SHA1

    c4da07ac93e4e547748ecc26b633d3db5b81ce47

  • SHA256

    15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669

  • SHA512

    35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106

  • SSDEEP

    1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\lib\jphp-app-framework.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3136

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2156-5-0x0000013E2F110000-0x0000013E30110000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/2156-11-0x0000013E2F0F0000-0x0000013E2F0F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2156-12-0x0000013E2F110000-0x0000013E30110000-memory.dmp

          Filesize

          16.0MB

          Download