ebadf30fc06fd253db929e1654a3b7f35d1769682d385096d1cf923175b1a130

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 08:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d59edbb068df085be96ce0b6db2faa7c.jar
Size

6KB
MD5

d59edbb068df085be96ce0b6db2faa7c
SHA1

a50c576ca854b313a386452ed39aadb68931dedd
SHA256

ebadf30fc06fd253db929e1654a3b7f35d1769682d385096d1cf923175b1a130
SHA512

9a50b53709201616cb95f972d8eb0f4490a8300cd9658c205b34b6ba4e575fd7961c658db0a288618ed9257f2a67c9e2101792a12940a9db157a860f85da8eed
SSDEEP

192:VlzytQSle1/TLmQaMw9RzYbitnD5jMTQLSi:VlWGSM9ZeRzYbitVP

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3528	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 3528	2284	java.exe	89
PID 2284 wrote to memory of 3528	2284	java.exe	89

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\d59edbb068df085be96ce0b6db2faa7c.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
07bfaf8597ebf83cab0e7c6f9807d814

SHA1
72b03740d405b002d9968a8d4efae0052271e79c

SHA256
00e3c0c81d5f19adf06761fe6446ccbfedb31e605d62b1232ad74a1b1702e671

SHA512
703cc130dc12bcbc6a42412a429fc0833412b52021475cf92ca3b07f02d5a6ac9593efd3911440c12ed842ae6e5a8bb78cdb78f54c3dca1999c0fb40e702ac79

Download Submit
memory/2284-8-0x00000293AB5F0000-0x00000293AC5F0000-memory.dmp

Filesize
16.0MB

Download
memory/2284-11-0x00000293AB5D0000-0x00000293AB5D1000-memory.dmp

Filesize
4KB

Download
memory/2284-13-0x00000293AB5F0000-0x00000293AC5F0000-memory.dmp

Filesize
16.0MB

Download