8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df.jar
Size

209KB
MD5

bab2e737e8f87c387d069a4ae9af3a68
SHA1

2e936d38afa51c8adf496a3c58e431d1ca5cbf3f
SHA256

8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df
SHA512

75cc6ee4731c75b9d40c08588f3b3a23d06d04b409ecea976b3008ed0f785e52e50e82fceef5f918fa31bd2050da9f413666d3f224b1fd8425982aec6545d118
SSDEEP

6144:7mF8ZJdHV/cwxa2UzyQRLaVIM0qOu2P7VmyKk:7mCZHFTlUfGIM0quBKk

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4356	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4356	4248	java.exe	89
PID 4248 wrote to memory of 4356	4248	java.exe	89

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b54e0b94404a76730d187b89b5f29e47

SHA1
ee6dc9c848b67816ea9013ffae4f10ff2653e442

SHA256
5991a8a5db606019f39fdbc134c1f9c34d9a628a1eb536fc433bf8215507bfc4

SHA512
31fe46f35f8bbbea2333a73292a3fd18c42d2303cd4f133cba5cfce535e88d1264381636c8480ae17edd600b9ba99ea6379127571d4046e2fe1704ff846b4786

Download Submit
memory/4248-31-0x000001CB03E70000-0x000001CB04E70000-memory.dmp

Filesize
16.0MB

Download
memory/4248-16-0x000001CB03E70000-0x000001CB04E70000-memory.dmp

Filesize
16.0MB

Download
memory/4248-19-0x000001CB03E50000-0x000001CB03E51000-memory.dmp

Filesize
4KB

Download
memory/4248-23-0x000001CB03E70000-0x000001CB04E70000-memory.dmp

Filesize
16.0MB

Download
memory/4248-28-0x000001CB03E50000-0x000001CB03E51000-memory.dmp

Filesize
4KB

Download
memory/4248-4-0x000001CB03E70000-0x000001CB04E70000-memory.dmp

Filesize
16.0MB

Download
memory/4248-34-0x000001CB04130000-0x000001CB04140000-memory.dmp

Filesize
64KB

Download
memory/4248-33-0x000001CB040F0000-0x000001CB04100000-memory.dmp

Filesize
64KB

Download
memory/4248-35-0x000001CB04140000-0x000001CB04150000-memory.dmp

Filesize
64KB

Download
memory/4248-36-0x000001CB04150000-0x000001CB04160000-memory.dmp

Filesize
64KB

Download
memory/4248-37-0x000001CB03E70000-0x000001CB04E70000-memory.dmp

Filesize
16.0MB

Download
memory/4248-38-0x000001CB04160000-0x000001CB04170000-memory.dmp

Filesize
64KB

Download
memory/4248-39-0x000001CB03E70000-0x000001CB04E70000-memory.dmp

Filesize
16.0MB

Download