1736a213bf4bec7f44f8b9793e07dda03d1d779b55d65ea1f762b598b0059bf6

Analysis

max time kernel
1783s
max time network
1177s
platform
windows10-2004_x64
resource
win10v2004-20240226-de
resource tags

arch:x64arch:x86image:win10v2004-20240226-delocale:de-deos:windows10-2004-x64systemwindows
submitted
28/03/2024, 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.jar
Size

639KB
MD5

1b5d97bd2b75a8fb98186f32dfa25870
SHA1

9cc98c9b34c479161cfb6bf9936667fe455b0290
SHA256

1736a213bf4bec7f44f8b9793e07dda03d1d779b55d65ea1f762b598b0059bf6
SHA512

bdd46846e1d1e630b9645719dde8b09590e04733c1563014c245b5dccc6a4770535380bd778ed540e3669d3441d550780e3064d67699cc3c2809d59503147164
SSDEEP

12288:jPNIQy/KYShUT4TQIYvXgA/lRH+tS+NO5XgQJiR0F3ius2tsS1bDoUF:jPGQ2Ch04MPXgAf2HO5wCfiuRtv1bDos

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1228	icacls.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3584	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 1228	3584	java.exe	87
PID 3584 wrote to memory of 1228	3584	java.exe	87

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\test.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
313adfe69ce9fddab0371b28351eb01b

SHA1
113546a92291505ee5f447453c4cd6e3501321a7

SHA256
8318e236c2cd2352b499279db7b3aed41f0ffba9d49e1ee254e74e5853d34484

SHA512
e1c97826b7c5cde413d473bb581d6f5e987fc1dffc8d8a4473944eb0a5848a51a9eda43c886b160078f032ff3b824b3f31bacd90e5dec1d2bd2171c0a41539f5

Download Submit
memory/3584-4-0x0000015328DC0000-0x0000015329DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3584-12-0x0000015328DA0000-0x0000015328DA1000-memory.dmp

Filesize
4KB

Download
memory/3584-21-0x0000015328DC0000-0x0000015329DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3584-25-0x0000015328DA0000-0x0000015328DA1000-memory.dmp

Filesize
4KB

Download
memory/3584-30-0x0000015328DC0000-0x0000015329DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3584-31-0x0000015328DC0000-0x0000015329DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3584-32-0x0000015328DA0000-0x0000015328DA1000-memory.dmp

Filesize
4KB

Download
memory/3584-33-0x0000015328DC0000-0x0000015329DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3584-34-0x0000015328DC0000-0x0000015329DC0000-memory.dmp

Filesize
16.0MB

Download
memory/3584-36-0x0000015328DA0000-0x0000015328DA1000-memory.dmp

Filesize
4KB

Download