8ca48599c1722ce48700ef6d847649e4c8dbecaca3f0b7c49cef72c5133de329

Resubmissions

06/04/2024, 04:14

240406-ets9qaah65 7

06/04/2024, 04:12

240406-es1x6sac7y 7

06/04/2024, 04:10

240406-ermddsac51 7

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/04/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

navine-3.2.9.jar
Size

8.8MB
MD5

363d14cc2fe833c5abbc068c343abc10
SHA1

09808831dd6becf4cf56063846c1bcee29feac74
SHA256

8ca48599c1722ce48700ef6d847649e4c8dbecaca3f0b7c49cef72c5133de329
SHA512

d9613efc0f27fdf808718b8958c28cf8fc65a933abee314b3967c32e450ef2952621e5d7f3825fa7160143dbf0186a443e4587906899b5c5bea11c944de3840b
SSDEEP

196608:nKgTphPAnxEvh0C1EGxht7g5rrWtAwPvmgtZuJ:KUphGKvhv1uGtAwPnOJ

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4272	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4272	4960	java.exe	78
PID 4960 wrote to memory of 4272	4960	java.exe	78

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\navine-3.2.9.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
e2d5177639c5ee657b052cd08675ae10

SHA1
fd179bcdb7437fe8ca50a4c2c8eef33fe40dc5f4

SHA256
faf9178459869951dd55df8c9a93b466155da60522458f92f8f8083edce7611f

SHA512
e70230c603783535492fb54df253f314e757d1dfca85ab6f50a67ac41e88945d20939d1f6e50700968c56febfe963fa51e82fcffddd3ac096d96a2c19f856320

Download Submit
memory/4960-7-0x000001C800000000-0x000001C801000000-memory.dmp

Filesize
16.0MB

Download
memory/4960-11-0x000001C872B20000-0x000001C872B21000-memory.dmp

Filesize
4KB

Download