fb77547cdc6e9a68a6c43edbffa436a0b54a8a5c06d1d003ae1f04e5cf54f085

Analysis

max time kernel
143s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

common/lib/jasper-compiler-jdt.jar
Size

1.3MB
MD5

3424f3ee845d81c85fa266b502ea2136
SHA1

be37787074dd5eae4972895972c9fc56bcc6c082
SHA256

0ce8b397fd2e16808500fbd7a57fff609c1f96c17fa19e5d55683e7c8093103d
SHA512

47a37f756d66214df40a75b9c78ad312b9c9928bd4124e3add05a8ee8b14714b16f252d07a512dbb64c94ca4922f4a6b852e167563739c264b58919b2c350733
SSDEEP

24576:hVl0DgFYgcRHLzMG+b8MXKdQcHrrhAicqZFXtq5aUplHrgj/2b8pfWEOh:hVGDFxRHPj+b87r6VqPNYlHryM8AEOh

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4180	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 4180	4528	java.exe	92
PID 4528 wrote to memory of 4180	4528	java.exe	92

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\common\lib\jasper-compiler-jdt.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
477af459fd934449f77dacb828948ec6

SHA1
47f15ee0f9cbb19e0e62332f0b3d74c676962f71

SHA256
e9863f11c1f1b20dedfaabd7f79ac7a3633f4e0f26ff3017bd1b9833da2cc569

SHA512
3f0f9911d5f817efe4f3ffc4329373f8d351d6f56f71deedc1eb1b87f19e02b3ac0bdb33102205ed1fdcb4bb68dabbe94c84e0bd67951e24ed55c70c5a4b8ee9

Download Submit
memory/4528-4-0x00000245C2120000-0x00000245C3120000-memory.dmp

Filesize
16.0MB

Download
memory/4528-11-0x00000245C2100000-0x00000245C2101000-memory.dmp

Filesize
4KB

Download
memory/4528-13-0x00000245C2120000-0x00000245C3120000-memory.dmp

Filesize
16.0MB

Download