Analysis
-
max time kernel
154s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
12-03-2024 03:28
General
-
Target
a95313d60a72e884da0432039645f13e0cdf14fc05e24e78785a4e2de8931ead.jar
-
Size
109KB
-
MD5
90e0fb5c6cb86b7b12129108077f03b9
-
SHA1
26f78fce02a512e1c14715cc5f76a98cab26282f
-
SHA256
a95313d60a72e884da0432039645f13e0cdf14fc05e24e78785a4e2de8931ead
-
SHA512
fcd2dc4bd1d65f4d92d4e482a9166df74a897f09cbfc0d4100fd65e3a6102951085b0554041b51b211327149ee74c99e703cdeb7c98497c3955a44cd8cc20233
-
SSDEEP
3072:JsOq/Sv/eNHBeBy8BZMCOZ6mdbx9jHTuctPXZWyROqzyNw:Lq6v/e1gBy88Cy6wbx9vuctPUtqzyK
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
-
Drops file in Program Files directory 12 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\a95313d60a72e884da0432039645f13e0cdf14fc05e24e78785a4e2de8931ead.jar1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestampFilesize
46B
MD519d781d94b47ddc2968e8436ad50063c
SHA124483bbc37364dbb50776fdce7be8a481986cee7
SHA256b49e6cce317b6bee1915216e56eef6f79635911f2ba7fb29624a4af730024059
SHA51237454117e1fb5aa8c3df21de7e96bb7a542a2f21fdf92e978ac9c9bd7ae56ce8c06ec8e26254aaf74c4b9f579714362487de5ff66c4c12ce25898723e4cbbf88
-
memory/3944-48-0x000002BD9B600000-0x000002BD9B610000-memory.dmpFilesize
64KB
-
memory/3944-19-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-50-0x000002BD9B550000-0x000002BD9B560000-memory.dmpFilesize
64KB
-
memory/3944-29-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-31-0x000002BD99C40000-0x000002BD99C41000-memory.dmpFilesize
4KB
-
memory/3944-33-0x000002BD99C40000-0x000002BD99C41000-memory.dmpFilesize
4KB
-
memory/3944-44-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-46-0x000002BD9B510000-0x000002BD9B520000-memory.dmpFilesize
64KB
-
memory/3944-51-0x000002BD9B570000-0x000002BD9B580000-memory.dmpFilesize
64KB
-
memory/3944-4-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-60-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-12-0x000002BD99C40000-0x000002BD99C41000-memory.dmpFilesize
4KB
-
memory/3944-47-0x000002BD9B590000-0x000002BD9B5A0000-memory.dmpFilesize
64KB
-
memory/3944-52-0x000002BD9B580000-0x000002BD9B590000-memory.dmpFilesize
64KB
-
memory/3944-53-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-54-0x000002BD9B5A0000-0x000002BD9B5B0000-memory.dmpFilesize
64KB
-
memory/3944-55-0x000002BD9B5B0000-0x000002BD9B5C0000-memory.dmpFilesize
64KB
-
memory/3944-57-0x000002BD9B5E0000-0x000002BD9B5F0000-memory.dmpFilesize
64KB
-
memory/3944-56-0x000002BD9B5D0000-0x000002BD9B5E0000-memory.dmpFilesize
64KB
-
memory/3944-58-0x000002BD9B290000-0x000002BD9C290000-memory.dmpFilesize
16.0MB
-
memory/3944-59-0x000002BD9B5F0000-0x000002BD9B600000-memory.dmpFilesize
64KB
-
memory/3944-49-0x000002BD9B540000-0x000002BD9B550000-memory.dmpFilesize
64KB