Overview

overview

7

Static

static

3

Adobe/de.ps1

windows11-21h2-x64

1

App Setup.exe

windows11-21h2-x64

7

$PLUGINSDI...er.dll

windows11-21h2-x64

1

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ll.dll

windows11-21h2-x64

3

InstaIIer.exe

windows11-21h2-x64

1

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...7z.dll

windows11-21h2-x64

3

$R0/Uninst...er.exe

windows11-21h2-x64

7

d3dcompiler_47.dll

windows11-21h2-x64

1

lib/asm-all.jar

windows11-21h2-x64

7

lib/dn-com...le.jar

windows11-21h2-x64

7

lib/dn-php-sdk.jar

windows11-21h2-x64

7

lib/gson.jar

windows11-21h2-x64

7

lib/jfoenix.jar

windows11-21h2-x64

7

lib/jphp-a...rk.jar

windows11-21h2-x64

7

lib/jphp-core.jar

windows11-21h2-x64

7

lib/jphp-d...xt.jar

windows11-21h2-x64

7

lib/jphp-gui-ext.jar

windows11-21h2-x64

7

lib/jphp-g...xt.jar

windows11-21h2-x64

7

lib/jphp-json-ext.jar

windows11-21h2-x64

7

lib/jphp-j...xt.jar

windows11-21h2-x64

7

lib/jphp-runtime.jar

windows11-21h2-x64

7

lib/jphp-xml-ext.jar

windows11-21h2-x64

7

lib/jphp-zend-ext.jar

windows11-21h2-x64

7

lib/jphp-zip-ext.jar

windows11-21h2-x64

7

lib/jsoup.jar

windows11-21h2-x64

7

lib/slf4j-api.jar

windows11-21h2-x64

7

lib/slf4j-simple.jar

windows11-21h2-x64

7

lib/zt-zip.jar

windows11-21h2-x64

7

libG1LESv2.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    164s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/03/2024, 10:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/jsoup.jar

  • Size

    342KB

  • MD5

    36145fee38e79b81035787f1be296a52

  • SHA1

    33ee82e324f4b1e40167f3dc5e01234a1c5cab61

  • SHA256

    6ebe6abd7775c10a49407ae22db45c840cd2cdaf715866a5b0b5af70941c3f4a

  • SHA512

    3b00b07320831f075a6af9ac1863b8756fe4f99a1b4f2e53578dca17fdaf7bdb147279225045e9eeeba4898fe321cf5457832b8e6a1a5b71acff9a1c10392659

  • SSDEEP

    6144:C12HHimPXaabXTLqQt/ujrjUqGSEzZn/K0qeW79ix6vEF0FYqPfW:CCx3bXTGoGvJGSCtqeyIovECdPfW

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\lib\jsoup.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1500

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize

          46B

          MD5

          13e4a87f66f84a44fe09a19537c42869

          SHA1

          b3428008cfdf6c0b838ae229d58069ae752f7e5e

          SHA256

          fc29337cd4c405802b09d7e29760de650b4f4a2fbc05f199d3d69560f60e8d30

          SHA512

          a967b806a7a140276cc1118f161b62a1addb3e8ad83078d7e806fefbdffb2ba844a3f98399bf593b6a4cceaf33346e2dac1ee30f0629dc8261b804e298d60344

          Download Submit

        • memory/1576-4-0x0000026D6AB20000-0x0000026D6BB20000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/1576-12-0x0000026D6AB00000-0x0000026D6AB01000-memory.dmp

          Filesize

          4KB

          Download