Overview

overview

10

Static

static

10

8a56975848...26.jar

windows7-x64

1

8a56975848...26.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-03-2024 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a56975848a1d89a620394b492ff9ee0c572b986c8823013c7c6ffc41b135626.jar

  • Size

    182KB

  • MD5

    72d880a48d6c4ae3c32f6a740dbfc60c

  • SHA1

    33ab6e72cb5fcc5bb813214b5ca81602f2fb3a3e

  • SHA256

    8a56975848a1d89a620394b492ff9ee0c572b986c8823013c7c6ffc41b135626

  • SHA512

    c2c396e3d3c785ca472a7776d447a69062e296a9f427dadf6d9c977d8fb6345066b4503d864a12ae4a488ce4d4cc6c14f17ef849388f869295b4cdcef0a10ee1

  • SSDEEP

    3072:Yso1+wQs6Xf5uxo99SzQIHes6HaZshUSjRj55Ogem6Dwwxspzxn8:B7wgvcxo9931vR9KD8wxqV8

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\8a56975848a1d89a620394b492ff9ee0c572b986c8823013c7c6ffc41b135626.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4420

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    dc36d1c60c38e4dbe6312ecdf53532cb

    SHA1

    466652ba5a4436e74b7cea2ce24f1628075a31cf

    SHA256

    74adc877be4539a0b660a5f3edc7afd476d2bee712c891c9a02dddf95499ca6d

    SHA512

    71c1f334ad56f265c92ed52086fd29de48632d199493caed768be7e2472d6513a4e11d4aa5bc99c78605cc0868cb5623c31849ec31b2fe8cc00d20045ee0d36f

    Download Submit
  • memory/1472-39-0x0000026B9DE00000-0x0000026B9DE01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1472-13-0x0000026B9DE00000-0x0000026B9DE01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1472-20-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-30-0x0000026B9DE00000-0x0000026B9DE01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1472-33-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-3-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-42-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-44-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-45-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-58-0x0000026B9DE00000-0x0000026B9DE01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1472-70-0x0000026B9DE00000-0x0000026B9DE01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1472-94-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1472-104-0x0000026B9DE00000-0x0000026B9DE01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1472-103-0x0000026B9F6C0000-0x0000026BA06C0000-memory.dmp
    Filesize

    16.0MB

    Download