Overview

overview

7

Static

static

3

cc1dd1df4f...fe.exe

windows7-x64

7

cc1dd1df4f...fe.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

bin/bootstrap.jar

windows7-x64

1

bin/bootstrap.jar

windows10-2004-x64

7

bin/common....1.jar

windows7-x64

1

bin/common....1.jar

windows10-2004-x64

7

bin/tomcat-juli.jar

windows7-x64

1

bin/tomcat-juli.jar

windows10-2004-x64

7

bin/tomcat5.exe

windows7-x64

1

bin/tomcat5.exe

windows10-2004-x64

1

bin/tomcat5w.exe

windows7-x64

1

bin/tomcat5w.exe

windows10-2004-x64

1

common/i18...en.jar

windows7-x64

1

common/i18...en.jar

windows10-2004-x64

7

common/i18...es.jar

windows7-x64

1

common/i18...es.jar

windows10-2004-x64

7

common/i18...fr.jar

windows7-x64

1

common/i18...fr.jar

windows10-2004-x64

7

common/i18...ja.jar

windows7-x64

1

common/i18...ja.jar

windows10-2004-x64

7

common/lib...el.jar

windows7-x64

1

common/lib...el.jar

windows10-2004-x64

7

common/lib...dt.jar

windows7-x64

1

common/lib...dt.jar

windows10-2004-x64

7

common/lib...er.jar

windows7-x64

1

common/lib...er.jar

windows10-2004-x64

7

common/lib...me.jar

windows7-x64

1

common/lib...me.jar

windows10-2004-x64

7

common/lib...pi.jar

windows7-x64

1

common/lib...pi.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 18:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    common/lib/jasper-compiler.jar

  • Size

    401KB

  • MD5

    0168a89e9c6d9d25777fc4b2a705b4a6

  • SHA1

    46dcc057ca4b2bfc268a32f5c6e2a5336b7ad00a

  • SHA256

    235ae38bd74c3ee869237f5a3c847d91d9962813c95048b1cdeef43d14090125

  • SHA512

    2f283b21382aedb8b9dcfd1a4f10ea99f918e2844af5cd380eb137796e9df2d449057503cd4a23882a5765c27ce8fc37b3af40b90dfb858dc40ca4cb57a2d55d

  • SSDEEP

    12288:hQFH/qdReQR3t7WPF7B/Xf7XxTtoHxMyidQR78VKY:Yy7eo7W9dPjX9qU+8IY

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\common\lib\jasper-compiler.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4896
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    783db5dbcf39c7ae3eb899e09da4fd31

    SHA1

    6b24b5a8c97bb7e0134bee0d36ad1b5e2e6371e5

    SHA256

    4de2faec0a9fbdfb52e3cb6c825b8347620aa9ffde5cdb70992e9d6747c3fe6c

    SHA512

    648c2699a14a82132246ea637cc405fd3f2c2abe6511b32b025c8e3370aa59fc8ab82b34047649ecf6ffa890b0e9466ae5102a9ba11e731e56d56e2f34fc1495

    Download Submit

  • memory/4896-7-0x000001B51CFD0000-0x000001B51DFD0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4896-12-0x000001B51CFB0000-0x000001B51CFB1000-memory.dmp

    Filesize

    4KB

    Download