Overview

overview

7

Static

static

1

C-RD1.jar

windows7-x64

1

C-RD1.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2024 08:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    C-RD1.jar

  • Size

    395KB

  • MD5

    81e621517a407ae36da0a767b960c88c

  • SHA1

    421f3489d10b803e2dd64d0b47ce619da2da448a

  • SHA256

    ca438598c383fab834c5e52369032e30c657f8f70cbb095f181ea7779d34bba1

  • SHA512

    cd0510723447c5ace63f4ec9eb1aa0aa7d9d56b70f08b16c92c71b9825351122e59c1b5173e1e7288f59a8d732be122e90be397521f80e71328d743ad172788c

  • SSDEEP

    192:WtZ3hAJtjmbwOqaI55LEOkOYiDiMkCjvDhvLlSIz3v4M3LwsUE+1MB7hikCOrPiH:cZ3hOOJvsEOWGWCjvSmwM7wsTvQMC

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\C-RD1.jar
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3700
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1532
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3660 --field-trial-handle=2272,i,11831746627654527593,10138103687018060346,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      5f0220380be2ee3f8febbfdd12807a61

      SHA1

      5b704c2befa1266425817a6bdd716cbc6274c68d

      SHA256

      efefea63ffe712255a6ed9d007d4eb65239e71fd373da03dc68b944a386d2a06

      SHA512

      dbb9a0496d60b0e5a2e6bcc61f484f05fb08f318e7c4a366386bae7c3b796766326738a4ed112a11c70b69aa10138496b33842a7bcf746dda371c5ef9ee66cce

      Download Submit

    • memory/3700-27-0x000001DE9D750000-0x000001DE9D760000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3700-12-0x000001DE9BBF0000-0x000001DE9BBF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3700-19-0x000001DE9D4D0000-0x000001DE9E4D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3700-24-0x000001DE9BBF0000-0x000001DE9BBF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3700-26-0x000001DE9D4D0000-0x000001DE9E4D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3700-4-0x000001DE9D4D0000-0x000001DE9E4D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3700-28-0x000001DE9D770000-0x000001DE9D780000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3700-29-0x000001DE9D780000-0x000001DE9D790000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3700-31-0x000001DE9D7A0000-0x000001DE9D7B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3700-30-0x000001DE9D790000-0x000001DE9D7A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3700-32-0x000001DE9D7B0000-0x000001DE9D7C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3700-33-0x000001DE9D4D0000-0x000001DE9E4D0000-memory.dmp

      Filesize

      16.0MB

      Download