cc8ee0e5b4a053369095b810a527895ee1357b4f1a9e7c82d769eaf5e4699798

Analysis

max time kernel
0s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-04-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordSRV-Build-1.27.0.jar
Size

9.8MB
MD5

1653da0d8ff485ed138bbf3f4c03aa2e
SHA1

f55005317a18ec583a64821cf310b91d8f475c15
SHA256

cc8ee0e5b4a053369095b810a527895ee1357b4f1a9e7c82d769eaf5e4699798
SHA512

d1e43715fbac2a83360057e4760a0e7e70bb26be5621a596ee3c95d718acfb801707e74f0ee1782dbb0f4877eab0159335a61c893dbcdd682752a868af33521f
SSDEEP

196608:8/NArCr09d+JSf2RwXEHMkVdG+Ih6zXsO8tEAMylrhKKUJK:ANAhUJtskS+IgXb8WwlrhxUs

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4812	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 4812	2796	java.exe	73
PID 2796 wrote to memory of 4812	2796	java.exe	73

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\DiscordSRV-Build-1.27.0.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f84399ada0a8f648f6d481b8eaefa6c4

SHA1
fead4030103425ff9c0a8cf857d344bad0c64ddc

SHA256
983517156391d670a2b33d93d8925af93bb05ff95606d42dea784d68a76978a3

SHA512
eb3910e65ecafece5ead1bdffcb55f9cb80e7f102bdf839058ba64d36f692a7fc48885ba85442f8f2b7674c5ed4dead01477b7163758465cc286ae00083e46a4

Download Submit
memory/2796-4-0x000001BDE8170000-0x000001BDE9170000-memory.dmp

Filesize
16.0MB

Download
memory/2796-11-0x000001BDE6950000-0x000001BDE6951000-memory.dmp

Filesize
4KB

Download