78bc1c088363f96eecd43f6c15337f143d8ba0ba6225aad875d0f29210a48f6b

Analysis

max time kernel
148s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyNote_By 30Deep/Resources/Imports/PlayerJava/PlayerJava.jar
Size

3KB
MD5

d9c23d7574c0d886321dcd029e463f2c
SHA1

7fad47eb6860a01325c6d526a43d9bbadb66aff7
SHA256

e22d8a06415f21b900a9a079a6a7928d6c84d2cf33aa07c6ad385dfbbfcd55ed
SHA512

c32c019fb0bacbd70441cf3ed769bfde9597389f840ff8511db36586756382ef22bd163a7b7cb9e258a4b7a896e5d1a606d92513a141cb2e3c6e421a66ecb316

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

3268 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 2892 wrote to memory of 3268 2892 java.exe icacls.exe
PID 2892 wrote to memory of 3268 2892 java.exe icacls.exe

pid	process
3268	icacls.exe

description	pid	process	target process
PID 2892 wrote to memory of 3268	2892	java.exe	icacls.exe
PID 2892 wrote to memory of 3268	2892	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\SpyNote_By 30Deep\Resources\Imports\PlayerJava\PlayerJava.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3884 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
834b6d21c61dcba273fa73e2e78cb7d5

SHA1
a93d18c55864298bc59215163e49086ddebed8b3

SHA256
e88225b2258ecc49918697d55e5d14d647c625dc13a169d1c7bb391058e2cfc0

SHA512
61fad71a7c5111fd3d8e1e0e01bb7e452198f18b44a06341fcccf83f29b50ca10e827ea3ba2355b2bf9e4f5e183c9b341ee8593df168ae069b315cc4e388788f

Download Submit
memory/2892-2-0x0000013E00000000-0x0000013E01000000-memory.dmp

Filesize
16.0MB

Download
memory/2892-13-0x0000013E72640000-0x0000013E72641000-memory.dmp

Filesize
4KB

Download