78fe6d6c09d4b004430755e4928a94ebd6a224a848bf6d4e94203fa4ee792fb6

Resubmissions

09/03/2024, 17:29

240309-v2jy1sea4s 7

09/03/2024, 17:23

26/02/2024, 21:20

26/02/2024, 21:17

26/02/2024, 16:16

26/02/2024, 13:40

26/02/2024, 13:39

26/02/2024, 13:02

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58aef9490f1b8a03e1a63d9265026b4c/58aef9490f1b8a03e1a63d9265026b4c.jar
Size

2.7MB
MD5

5c51ac1933f63fc62fb457c36f543f41
SHA1

16aa9583c72bbb04a66fde6ee92f438256e44ce2
SHA256

08b4ac714cd98b32f5b94e2b7ece8fc01bf37a53b495efc7d172e299289121d4
SHA512

c30434b3324d4f5735363cef29ae2dc4172e8fa5f1469f68c284112649fb7823619b8683efb3558897df31f929b141378c69fcbe881788eac569ff3003279386
SSDEEP

49152:FiEsQjU+vPR6Hzpty/GlUbLJ35aVoPaC+L5hCUCnoiwSwU1JgPWLIOoS:FiFQj9cHHVGbLR5h+L3CUCnoiZN1mPW9

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4728	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 4728	1612	java.exe	90
PID 1612 wrote to memory of 4728	1612	java.exe	90

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\58aef9490f1b8a03e1a63d9265026b4c\58aef9490f1b8a03e1a63d9265026b4c.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f9219b2a7aa8f4aafc91ed401fc7d320

SHA1
2fc109167b169c33e9787e925c6255a2be74beb5

SHA256
576a64a3fcf47c20271e8c87cf8a07c6a6f99fbf4d5bbcd8bafdb78ef7f6eb31

SHA512
e368bbe605dff7c4b6288c37e5a14ec4822cc54ba972b15bda3694557d08287adc2b7fbe13953f764074ebf6ddc9925d46625f68c344eeba5fb065811009a4a2

Download Submit
memory/1612-4-0x000001ED470E0000-0x000001ED480E0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-13-0x000001ED457F0000-0x000001ED457F1000-memory.dmp

Filesize
4KB

Download