5fd0039fd179dec48368b76d067e9c429f698e026fca77cffbc8f2aab1b274c1

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fd0039fd179dec48368b76d067e9c429f698e026fca77cffbc8f2aab1b274c1.jar
Size

457KB
MD5

b19f8c662cb07c6c5acde9ed2f9d8799
SHA1

0c76ea796e88e037eba2799b753b2d4f7de686b8
SHA256

5fd0039fd179dec48368b76d067e9c429f698e026fca77cffbc8f2aab1b274c1
SHA512

7e762e209c19f86e65a676da19b7cad67198a9e58d854f59d487f7ea62723e916ace5f8fcdce8d37fd638ae69f5e8fed730200832005947b29902dbcb85accc9
SSDEEP

12288:0F6xcPZucdVq65Wbpmzas3AjqSyaIXvzIGdJU1O26K/MMC:O6xitVDImzLUGQR6KUMC

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5076	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 5076	1940	java.exe	86
PID 1940 wrote to memory of 5076	1940	java.exe	86

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\5fd0039fd179dec48368b76d067e9c429f698e026fca77cffbc8f2aab1b274c1.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
4d1c8aedd3f7459f1d6c03ec33902260

SHA1
0a0e27738719a4b75dad8f6b93ddb38e09750f30

SHA256
d14607ca562ab6c0955f5efc0187c3b8f3aef4a59c6eaba3757aeaa2791e7e64

SHA512
186cd505b542ae80a88214173bf696710e015a93027f638fc29af2feba3ef992a4b116cb540b240dbc83c9742a7c003672dedb5058c96c891ced3e88ef789ee3

Download Submit
memory/1940-40-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-12-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-13-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-21-0x0000019BBCDE0000-0x0000019BBDDE0000-memory.dmp

Filesize
16.0MB

Download
memory/1940-33-0x0000019BBCDE0000-0x0000019BBDDE0000-memory.dmp

Filesize
16.0MB

Download
memory/1940-4-0x0000019BBCDE0000-0x0000019BBDDE0000-memory.dmp

Filesize
16.0MB

Download
memory/1940-41-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-43-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-48-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-51-0x0000019BBCDE0000-0x0000019BBDDE0000-memory.dmp

Filesize
16.0MB

Download
memory/1940-59-0x0000019BBCDE0000-0x0000019BBDDE0000-memory.dmp

Filesize
16.0MB

Download
memory/1940-65-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download
memory/1940-67-0x0000019BBCDE0000-0x0000019BBDDE0000-memory.dmp

Filesize
16.0MB

Download
memory/1940-70-0x0000019BBCDC0000-0x0000019BBCDC1000-memory.dmp

Filesize
4KB

Download