8734bd806a05fa2c9eb1deb90f8997ccd36a43c50e25ad5f3182a27d218de8ca

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd5d61f70b735816be30a3199d6f2b7e.jar
Size

107KB
MD5

dd5d61f70b735816be30a3199d6f2b7e
SHA1

69b2e1cb754fe4f60de05cf2059541976bfaa30f
SHA256

8734bd806a05fa2c9eb1deb90f8997ccd36a43c50e25ad5f3182a27d218de8ca
SHA512

f4c9d1440538a5e4eb4718217662413d414936732b500ab8b2f201117fa8b0c34e3f6a80815d221c0ac3840b54688b1b3c0d9081daf277aeb40b5c073b12c714
SSDEEP

3072:9YJFK8whNIAnBJ74se6TRX2JPtsYHqwmQX2:erKhxnBJMs1TuPFPX2

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4100 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 544 wrote to memory of 4100 544 java.exe icacls.exe
PID 544 wrote to memory of 4100 544 java.exe icacls.exe

pid	process
4100	icacls.exe

description	pid	process	target process
PID 544 wrote to memory of 4100	544	java.exe	icacls.exe
PID 544 wrote to memory of 4100	544	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\dd5d61f70b735816be30a3199d6f2b7e.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:544

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4100

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
b98ec38ce0b23a34394cabcedb4daab1

SHA1
4c48c27d58cb055e01c2118be8ea78db6553fd70

SHA256
047152cd9900398e32d8e9a1acc656fae5bbd229962d0e3cad280229c6c5d65c

SHA512
981c900188a191fd33c0abb3574cc4da08016d3d460061f0478ec2b5fa62ed43658caa439ecd73e69bf37cc915f6f940509ac7c243eb9315e02e93b9b40cab97

Download Submit
memory/544-42-0x000002196BB30000-0x000002196CB30000-memory.dmp

Filesize
16.0MB

Download
memory/544-12-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-19-0x000002196BB30000-0x000002196CB30000-memory.dmp

Filesize
16.0MB

Download
memory/544-31-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-32-0x000002196BB30000-0x000002196CB30000-memory.dmp

Filesize
16.0MB

Download
memory/544-4-0x000002196BB30000-0x000002196CB30000-memory.dmp

Filesize
16.0MB

Download
memory/544-44-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-49-0x000002196BB30000-0x000002196CB30000-memory.dmp

Filesize
16.0MB

Download
memory/544-53-0x000002196BB30000-0x000002196CB30000-memory.dmp

Filesize
16.0MB

Download
memory/544-55-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-59-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-65-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-86-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download
memory/544-108-0x000002196A300000-0x000002196A301000-memory.dmp

Filesize
4KB

Download