685549196c77e82e6273752a6fe522ee18da8076f0029ad8232c6e0d36853675

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

decec0149d94826aa21f3b2765e1c4b4.jar
Size

217KB
MD5

decec0149d94826aa21f3b2765e1c4b4
SHA1

30c4c507acecf7c4e0203d8540f21d699c2d6652
SHA256

685549196c77e82e6273752a6fe522ee18da8076f0029ad8232c6e0d36853675
SHA512

209bfcd63911cfa87ef2ae4a43482543b167083020316262aaa990ee1319b219262bbefaa7a2571887d6af9806d7abf8e8d87a7c8d3bb877141f1e7ba4bea0d3
SSDEEP

6144:UNhoC6s6Gswd53gnGkNmM403pIFDSwYacvToLLaU2v6z3oOrGD6:86k/gRP3yFmwYVrOLaU2vNOr/

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1580	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1580	2556	java.exe	94
PID 2556 wrote to memory of 1580	2556	java.exe	94

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\decec0149d94826aa21f3b2765e1c4b4.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3764 --field-trial-handle=2228,i,17475224967547320003,13667387715861799238,262144 --variations-seed-version /prefetch:8
1⤵
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
592f572531bc3dff263884ba4b069e82

SHA1
0654b70b4661ce324c348d9a1dabaf1b6e3262f1

SHA256
5ecedace8783d12f45b38dd513a9b86ea2f27ef91a7d06adae79dd5f15fd7331

SHA512
ba272e0f1cdad78b19c2b30bc6a9a0aca843c21e881d8dfda4da41d9ff630a1070fafd6d4d1c16561aef9c10e6d4ee2f855a6f7d1074e56881f8dcbf067c4d55

Download Submit
memory/2556-4-0x000001F1B1590000-0x000001F1B2590000-memory.dmp

Filesize
16.0MB

Download
memory/2556-12-0x000001F1B1570000-0x000001F1B1571000-memory.dmp

Filesize
4KB

Download
memory/2556-13-0x000001F1B1570000-0x000001F1B1571000-memory.dmp

Filesize
4KB

Download
memory/2556-20-0x000001F1B1590000-0x000001F1B2590000-memory.dmp

Filesize
16.0MB

Download
memory/2556-22-0x000001F1B1570000-0x000001F1B1571000-memory.dmp

Filesize
4KB

Download
memory/2556-23-0x000001F1B1810000-0x000001F1B1820000-memory.dmp

Filesize
64KB

Download
memory/2556-24-0x000001F1B1820000-0x000001F1B1830000-memory.dmp

Filesize
64KB

Download
memory/2556-25-0x000001F1B1830000-0x000001F1B1840000-memory.dmp

Filesize
64KB

Download
memory/2556-26-0x000001F1B1840000-0x000001F1B1850000-memory.dmp

Filesize
64KB

Download
memory/2556-27-0x000001F1B1850000-0x000001F1B1860000-memory.dmp

Filesize
64KB

Download