2c3c7bb834448fb264ee307b45877b28eacfb51c97c1733fb0f5f12e172a2d66

Analysis

max time kernel
130s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c3c7bb834448fb264ee307b45877b28eacfb51c97c1733fb0f5f12e172a2d66.jar
Size

182KB
MD5

6931358f3fc8605f88a913672cd3bb2f
SHA1

05058b97361814763d3921808b3058cb7347f1aa
SHA256

2c3c7bb834448fb264ee307b45877b28eacfb51c97c1733fb0f5f12e172a2d66
SHA512

27f2d7d3bdc89292e364a301f5a4263fa4c36588418333c16f6ce0812b038f71300c7242c489e502a9e17d08943aa7b602535944459e4624ad2595c035188e10
SSDEEP

3072:WLiKdwQJ6IIGhKxO9SNr36eE6HaZZhWS26j5I1pemu4Gnxs5z7Up:8lwZPOKxO9wsM69z3Pnxyfg

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3484	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 3484	1148	java.exe	95
PID 1148 wrote to memory of 3484	1148	java.exe	95

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\2c3c7bb834448fb264ee307b45877b28eacfb51c97c1733fb0f5f12e172a2d66.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2240,i,16875000905773190493,11379096115878622792,262144 --variations-seed-version /prefetch:8
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c52f02c012997525d116f02586654f05

SHA1
b857b7a3e749bcb312f4d3ddc69e694d66864922

SHA256
66edd87d7dcb093a74ad72d397c4c938ce4a5b9c0c67198af5bc3f3c5d8af19c

SHA512
959bad285198bd61d21297ae52969f34ad543d361af750d77f77eca3cf558d78f7c5c29cda86cdb1f7870e32a7f0236cb7601493840e6bda3ad685dc8a7cd04c

Download Submit
memory/1148-44-0x000001BA391E0000-0x000001BA391F0000-memory.dmp

Filesize
64KB

Download
memory/1148-45-0x000001BA391F0000-0x000001BA39200000-memory.dmp

Filesize
64KB

Download
memory/1148-21-0x000001BA38F20000-0x000001BA39F20000-memory.dmp

Filesize
16.0MB

Download
memory/1148-4-0x000001BA38F20000-0x000001BA39F20000-memory.dmp

Filesize
16.0MB

Download
memory/1148-34-0x000001BA38F20000-0x000001BA39F20000-memory.dmp

Filesize
16.0MB

Download
memory/1148-40-0x000001BA37660000-0x000001BA37661000-memory.dmp

Filesize
4KB

Download
memory/1148-41-0x000001BA391A0000-0x000001BA391B0000-memory.dmp

Filesize
64KB

Download
memory/1148-42-0x000001BA39210000-0x000001BA39220000-memory.dmp

Filesize
64KB

Download
memory/1148-12-0x000001BA37660000-0x000001BA37661000-memory.dmp

Filesize
4KB

Download
memory/1148-43-0x000001BA391D0000-0x000001BA391E0000-memory.dmp

Filesize
64KB

Download
memory/1148-30-0x000001BA37660000-0x000001BA37661000-memory.dmp

Filesize
4KB

Download
memory/1148-46-0x000001BA39200000-0x000001BA39210000-memory.dmp

Filesize
64KB

Download
memory/1148-47-0x000001BA38F20000-0x000001BA39F20000-memory.dmp

Filesize
16.0MB

Download
memory/1148-48-0x000001BA39220000-0x000001BA39230000-memory.dmp

Filesize
64KB

Download
memory/1148-49-0x000001BA39230000-0x000001BA39240000-memory.dmp

Filesize
64KB

Download
memory/1148-50-0x000001BA39250000-0x000001BA39260000-memory.dmp

Filesize
64KB

Download
memory/1148-51-0x000001BA39260000-0x000001BA39270000-memory.dmp

Filesize
64KB

Download
memory/1148-52-0x000001BA38F20000-0x000001BA39F20000-memory.dmp

Filesize
16.0MB

Download
memory/1148-53-0x000001BA38F20000-0x000001BA39F20000-memory.dmp

Filesize
16.0MB

Download