9ed7471a88af9cb42f5f22abc3deebb816170a7f1813c509038f059560b64b5a

Resubmissions

26/03/2024, 21:53

240326-1r5qmagc8y 7

26/03/2024, 21:52

240326-1rhwvsgc7t 7

26/03/2024, 21:52

240326-1q7tlagc6y 1

Analysis

max time kernel
16s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
26/03/2024, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.jar
Size

29KB
MD5

56a0eef3a96bf373db1298bc6cb63158
SHA1

f9fb9175a901f4fede20b9d61eb4fadafdd1feea
SHA256

1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
SHA512

d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492
SSDEEP

768:ccLie6lYEKyYSfk8tyPAR8NVgJMvtWHw1QgHpA:NLie6lYEKyYSfkwNY+MvtuWQgG

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1272	icacls.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1176	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1272	1176	java.exe	88
PID 1176 wrote to memory of 1272	1176	java.exe	88
PID 1176 wrote to memory of 228	1176	java.exe	93
PID 1176 wrote to memory of 228	1176	java.exe	93

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\loader.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1272
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6056e80675d14d872d15bd840658dad4

SHA1
e78b557ecec66610e1dbe4ad7f57a0d4f08184e2

SHA256
ad784cf4738d9e743f66ee74e8d8ea71f7f152bbb92b0d97407563aa7db2c217

SHA512
7fe656a8e067a71d50091245f3c658b20c939086ef464ca7a59cd39ee0ce8ff6ed3cc3091dfd359304a165f85c6c1f82f929822a558d4156ccb4c26a77b24ce7

Download Submit
memory/1176-4-0x0000029D32E90000-0x0000029D33E90000-memory.dmp

Filesize
16.0MB

Download
memory/1176-12-0x0000029D315A0000-0x0000029D315A1000-memory.dmp

Filesize
4KB

Download
memory/1176-20-0x0000029D32E90000-0x0000029D33E90000-memory.dmp

Filesize
16.0MB

Download
memory/1176-22-0x0000029D315A0000-0x0000029D315A1000-memory.dmp

Filesize
4KB

Download
memory/1176-27-0x0000029D32E90000-0x0000029D33E90000-memory.dmp

Filesize
16.0MB

Download