8ca48599c1722ce48700ef6d847649e4c8dbecaca3f0b7c49cef72c5133de329

Resubmissions

06/04/2024, 04:14

240406-ets9qaah65 7

06/04/2024, 04:12

240406-es1x6sac7y 7

06/04/2024, 04:10

240406-ermddsac51 7

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/04/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

navine-3.2.9.jar
Size

8.8MB
MD5

363d14cc2fe833c5abbc068c343abc10
SHA1

09808831dd6becf4cf56063846c1bcee29feac74
SHA256

8ca48599c1722ce48700ef6d847649e4c8dbecaca3f0b7c49cef72c5133de329
SHA512

d9613efc0f27fdf808718b8958c28cf8fc65a933abee314b3967c32e450ef2952621e5d7f3825fa7160143dbf0186a443e4587906899b5c5bea11c944de3840b
SSDEEP

196608:nKgTphPAnxEvh0C1EGxht7g5rrWtAwPvmgtZuJ:KUphGKvhv1uGtAwPnOJ

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1124	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 1124	1216	java.exe	78
PID 1216 wrote to memory of 1124	1216	java.exe	78

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\navine-3.2.9.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3492

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
2ae371819c90eb0acbe6ce29d3c1dae7

SHA1
c93b5b81ceaeed2cadb0d792c6c103da9ff27dd7

SHA256
be07d23884ada5704b3e14b8918006ba5ea28474398cbe9057436f24912ccbf8

SHA512
d786322e14ca25784815e99640f315e77c797d908bdf680f05960b69a9ad0ff8c44ebbfd10c309e4d06ea1fa2242eb7ab251670ffe0c827b80d715eb4a09a25d

Download Submit
C:\Users\Admin\Desktop\ClearBlock.dotm

Filesize
250KB

MD5
b10474809ee8c34b8e95de6988be4779

SHA1
337a63240c2761f92581e73b05fc009bc5665d23

SHA256
1c51d607adb676a8155c7d76e74c9c08f874de2598f117576db5ef876214e695

SHA512
4d3cd54a8af9bdba28c8d4a114628fc4d7eb05eca148b0a2154ec048f9d4d3fc33e2fc4b73924530d653fd9718c67123266264960a50238079f5f3623edfe32b

Download Submit
C:\Users\Admin\Desktop\CloseSubmit.001

Filesize
237KB

MD5
207e1d8fd2d87fdfab7d2f5f206ae0f0

SHA1
84174ed2019dd0ee8ce4b5dcf90d6f0e699644d5

SHA256
b0b3198375d52436a093c389c21a704689b30fe9d22d7e9314dd8df569e7eccc

SHA512
beb9612ac402249ef5be1769336340259276ea8090a32949453785344c3400f7f3d944c8ad0ed4d8b86562f2c21bde53ca40986d9d3f05ef10c916f71ad63331

Download Submit
C:\Users\Admin\Desktop\CompareResolve.rtf

Filesize
318KB

MD5
b0c6243465e2e08abf83709205323f53

SHA1
0f9c1ce2196a776fc8e085f59bdb3d5852bd0336

SHA256
9dc252c78cc32b63f06b2f6aea7bde15312e6304f028b1d2e27acb4d9bde5504

SHA512
dd7228eff191f11f4d63e2ef181e266ffb4adce295f7bd3588280a77b3d8281bb9a56175fcc5ad728264f7050782de194048528fa0917ea9b2cfaa2ce83f18c3

Download Submit
C:\Users\Admin\Desktop\FindDeny.eprtx

Filesize
359KB

MD5
2b69ae5c7746898bae17c6a236a9e9bc

SHA1
7086249ed208c5ab030407c7fc62c6871246f8e7

SHA256
37199710775f393084f972e68ab9c01f2ecdfc578af574768ea52c6cc7859144

SHA512
152a148251e3d79fcc22cf22ebe57cde5fa95c9288f45f4dcc6bede56709d7eaff5671e6a3b4213be5c27ce598bd8872ae62d3624a9762d631c7d1f580ca5e81

Download Submit
C:\Users\Admin\Desktop\FindOptimize.cab

Filesize
291KB

MD5
83f40a14893a73f2d0ea83098bdb9a8c

SHA1
8d65ac3c944a494206cc0557efbcb16a28d8980e

SHA256
d0d9489656236873f65e821f49fb8031cb7131ffedc9469503cab7dd0d1e7bc0

SHA512
b46859b13a956a6b864300e8c2a1e37f0657f34bf35088649761cf3631b2ebccb5e2fa293ec83d13c371ddab91c626ec657bde31388bef5ae5c5f95eec3aa487

Download Submit
C:\Users\Admin\Desktop\MountComplete.odt

Filesize
413KB

MD5
e909e96d8641917b07a993e659fa2b3d

SHA1
1f6d6f85261af80a03369055c7e39575e944bf79

SHA256
052fc859f89c531f6afb150a421f090ded6689208db4dbc857999e4f8f0bd94e

SHA512
696792db553fd4bfc2568d69bede2567c089410501a3896640150cd2e44d10e0bd1b4637b885b10d26be01b763b170b99d11f87a6b70bd850976ae3c964f3ebe

Download Submit
C:\Users\Admin\Desktop\OutRegister.ocx

Filesize
155KB

MD5
86827bcf5be7a63e0db31d7a2f5e0706

SHA1
8d7776889d5e45406753d73801cd5ce133c5b860

SHA256
06da688a351501a072fb70602a6d917ac9d17b733c345d3e9f518a23fc1b3330

SHA512
ec57d1b06cce7763a684df0af2486196616ebb38237809931322b815344279a341679895cd46e48619d10de7bf096dc9f69e33b3fcc5f197e8a0d9304bcdcf7a

Download Submit
C:\Users\Admin\Desktop\ProtectEnable.vbe

Filesize
399KB

MD5
d85ff5777e83b601d3bdfb696e654468

SHA1
06c9fe9137c07d947b626f13425dd869f66263fb

SHA256
2a38c33726c446ad31dfd805a346d499e9a2a6e1ce50bf78556595a1638f4440

SHA512
082186a43925b6a68a6ef57d40fdc20e7158c9d5b8d5878b739c9f081c21714cbb6be22cc2c0a97c154f8d363d0dc96c204365ab106848c361d2979ce79ee160

Download Submit
C:\Users\Admin\Desktop\PublishStep.vsw

Filesize
426KB

MD5
e4ecd8cd5f6333b35083c2471f570486

SHA1
001d7d52f1c8928b8057163547f849f7193dd51c

SHA256
ca2e46a8b5a40d747fb396c6eb706bd8b6b1825ac37fbfcad5f77741cbc31284

SHA512
0c4001aa83268fa3e4cf13cad65f26f8d768344146dd7d1b41556d81a3b2a18b8b04c065d9156a75be668df4d3473279064d9d4b3926d1ae54701a95b70329ae

Download Submit
C:\Users\Admin\Desktop\ReceiveImport.wdp

Filesize
304KB

MD5
182ca8d92455ff57cd2ca010002435a5

SHA1
b6b1359262780264e1e2b8f77ea86ea74cbf1f8c

SHA256
e1eb8597f01dd357d52bd501b71f58fb2c286ef2b28cd844265fc36655b8c1e8

SHA512
ad66558e2303e92add9a1c31c6de4d57b9dc66aedf24dadd90a24d268bb597965f21e8217efe82509d675063803b988ff4c82ff31291f8bfd091e08ed7cb0b29

Download Submit
C:\Users\Admin\Desktop\RemoveRegister.rtf

Filesize
345KB

MD5
85bbb5938e8a84a70fb2c985bbfba158

SHA1
63f5acb01a1df3c30a3a5d593d27c248121e9cf5

SHA256
f6b87e7e30449f2eba0932c9808c2553e7f7ae2292e4149502a6fd78d54d27b8

SHA512
d1930ccbe6a743c634a1b498428dc69dde9b9d7463020ccaffca162b048b4ad3f7d8ecef6cc70fe3fd5b65bec5c120bd85c0948d12b61bddc4708a38646368b8

Download Submit
C:\Users\Admin\Desktop\RenameUnlock.php

Filesize
196KB

MD5
04383d2fbbd383f45517d920a0e4ba80

SHA1
a20e06dc81dd2e36a12d16a44fdeaf7a4fbfc18d

SHA256
754dfdd4a9dc9075a58c7ed7adb23536536de7551599e76665d5405420faf66a

SHA512
e8e1c7331023567d606498bcdc9ef1c16ab8c8827445ae3240aad1a9c733cd22a5af4a87063e4e2adfba73a2090d3c311da2a288d13effcebae2912de330b313

Download Submit
C:\Users\Admin\Desktop\RequestExport.mp4

Filesize
609KB

MD5
bc21d4486e12709582c76f7a36a4008a

SHA1
71046d5fb8d37f5b1fb86b98c6c0a2da58f153f8

SHA256
7df717b2a883619d1399da3a0671d399cb87247d01c67321bdbea33cf6038d13

SHA512
3f04c726c7059a127f73045b1655703e12b133e472640250731af03de3c2740fa66bc8bdb6a31fceaef763e5108d1923adb59341446d375295e67ad4b16c78df

Download Submit
C:\Users\Admin\Desktop\RequestShow.ocx

Filesize
386KB

MD5
696b82b7cf1f8faae9c37b270fc8d13e

SHA1
8d3ee528837f6eb8198804c908181e73ba2536d3

SHA256
4e4eed0fbd8602ca1076645dec56be231566fe813e545776198f01ff28fc3e9b

SHA512
e82950585192ae527eaf969dd45bd12c63564541a4b4b5e05f9da1a868ecbb1330b259ec0cd06ca27acc63b43d3e8e562f181376a94785c3d190e0d52366fe51

Download Submit
C:\Users\Admin\Desktop\RestartStop.vsdm

Filesize
169KB

MD5
2ab23c352bcacd4d729e00b9a8b0375a

SHA1
4fed380d89b36211885eb8dc2c81deb952f8b8fd

SHA256
a9441cfbfcb6d8052c77b7232152c8346ca5c7335805f1b43356c39c91750373

SHA512
2a8bccc849987746882aa0ba72a439136ce5eaeb6c2ea2fd8811128bc2e5fff79e2b86d15906c8f6957f4c6e8004a380dd7a18b971032954c1f5a09c205d43fd

Download Submit
C:\Users\Admin\Desktop\SelectLock.csv

Filesize
210KB

MD5
fa5fa41689cee934ddd81728db7b9481

SHA1
4198a042bd07ee4282a5a1a48f27baf5eebdfe2a

SHA256
ab163db511bda7de1d0a200bccd509e1ecaffa05896ff6c5da9e15a7ce6fe5a5

SHA512
c3206663a7b0b15dd73d80065419c6c49efe581621cd727124c12b8e9ffc08a6fc0362c22dfd98ceae4c0296935119adaf6d6a6cc9a5db2ec64a1fd1dc0b8a4c

Download Submit
C:\Users\Admin\Desktop\ShowClose.ttf

Filesize
223KB

MD5
fcaced2d579c121b061fc1fe34376255

SHA1
fdf4db95687cc3ea0c0ad3157830ec707d54d606

SHA256
aa713721b7926deed0f69ba126f15b5464d8573e93bba8f4b34c0b81b75e1860

SHA512
79f65296f4dc0f46a6c6e08863663096f4674a517f24153cfd305fa61a76f077871120050df4d17e653560e6cce23427334c32d673097bd262e9661e9d41ae17

Download Submit
C:\Users\Admin\Desktop\SplitReceive.tiff

Filesize
440KB

MD5
1b541486d6a15960311478d3c7abc5dc

SHA1
bf4e088f46952e5a9ae6cac63adef876d5d59eba

SHA256
b1b3de2e1681e668043bc36dd469c95c4259cc2c6b21b69f2f79194a2782c97f

SHA512
c0bcc8af5c0c0e3b1e34a966f5b87f389c7a5c1bfcc7a8771ffbef33b4f2a426aa23029d38e2ac992b6de05d66492f837e1a26962cf7db04f4dbd33f5d013575

Download Submit
C:\Users\Admin\Desktop\SubmitMerge.TTS

Filesize
264KB

MD5
5e1f297b1ea34a2520311ee69d3b18ff

SHA1
56061954e717b1bf59ff9464e810601bad762075

SHA256
fb4be5d427bb591871c5094df0320a568278c089a5e9a6f9bd120d26feb05c8e

SHA512
587854552930d345b57b112914095e3cf96afaf14c6e1fcd39bce2573cff933f6a1156b6a032a40437780aa8c165ee44167d47bf9acdf61bce86ad4812eff2cd

Download Submit
C:\Users\Admin\Desktop\SwitchRestore.docm

Filesize
372KB

MD5
ab35e3221f4143c13788d294266d6b8d

SHA1
89ea42dce3b1cddd25cf472f25bea5675d0c6cc3

SHA256
16c636c3520e87752987026abd3383baf34548aa112b442ab5dddd13a69a639a

SHA512
83c2ffb9b932d45bb9e14eb3c6193adba465e5a49102edd1105d077562ba5bd35420cd03585325004a1af3529e0d835b6252d75421272bf2ddbdf57cd0fa973b

Download Submit
C:\Users\Admin\Desktop\SwitchSearch.dwfx

Filesize
331KB

MD5
01a35c2fda48f98e44b3e31b67423740

SHA1
cbd5123609c24c443225d1a87265969b82c999a6

SHA256
6d63b37aa11f1369adfc5a3efc6be8854fc4b8817a48dc2141288f71e2789f83

SHA512
eb07828a4c2f2c81ead1aeab175a0857a3670ce5d65c4524ea86475897968005bce2de4ea7eaca9941f1251b063c0e8f775c87e2675e8d1565c5f04b4993ddab

Download Submit
C:\Users\Admin\Desktop\SwitchUnprotect.ps1

Filesize
277KB

MD5
7e79047183998343eb771121be098ab5

SHA1
1c6daaa53c6fac7b7be4ce7caa804cbe37bdf1ef

SHA256
442b21b90dda17cc640560562a7ed5fe5f643bfa15f4656ef80d2ce468b2bdca

SHA512
ff1a9464ba0367ace93d1d21655bbe6c0902c5b5b968f1686a46b30116f4c2fcdb5ad934ddc2d95f419000bf6c93c184ddef817e4454e7e7e742b9f79125a3ce

Download Submit
C:\Users\Admin\Desktop\UnpublishResolve.ogg

Filesize
182KB

MD5
fac46c377e1f37e890fbc8cd46f7c5bd

SHA1
43b2eddd343c4280bba0d35d2ba07a6c68b69d38

SHA256
8c800fa3868f8474ed83fa6a541428f55f923189c0a26d1dcfa13de8358cc3d2

SHA512
039b57421c33c4cdde7faead8a4a2861d43499d453365be29485fa4ecade1740602d06e4b2a2aedb12989fa1192ece1c71d9389990d1781381bc054b51ca1894

Download Submit
memory/1216-7-0x000001D261350000-0x000001D262350000-memory.dmp

Filesize
16.0MB

Download
memory/1216-36-0x000001D261350000-0x000001D262350000-memory.dmp

Filesize
16.0MB

Download
memory/1216-11-0x000001D25FB00000-0x000001D25FB01000-memory.dmp

Filesize
4KB

Download