4e0ddcd303f27c01dcc8a35a9bd821c53fb7dcca474ac7f0c84d3c6451e9f778

Resubmissions

09-04-2024 13:34

240409-qvlrtabe9s 10

09-04-2024 13:34

09-04-2024 13:33

09-04-2024 13:33

07-07-2023 11:45

Analysis

max time kernel
629s
max time network
904s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-04-2024 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Java Install.jar
Size

92KB
MD5

c55f9247eb8ea19af96292f0893f86b5
SHA1

bd5e6884b8151114af7e45a92525893f4d2aaabd
SHA256

16ed7004aa68efab0eda75b3f9bff11508365a4224ef859c91f93029bc441284
SHA512

3efab4ee9e3c9d81efd4e2f164c0a2ae72f688cbd0068cc44a063bf4787ba65b8d2a644ac2f7704fbd059d0ba96665aeff46c2bfba820fb42df06eea7e87ccdb
SSDEEP

1536:QL/61A/qP1+9Qc1+jxjciQnGSzPsRBo0fpL9mjMT8mMhe3gnHGvPvxKpjHr9Uy:QLn/qP1CQpjEGyP0Bxf99mYTX3gmvKLn

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3652	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3652	3424	java.exe	74
PID 3424 wrote to memory of 3652	3424	java.exe	74

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Java Install.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
04673443b27de8da970bc5bd280b3b62

SHA1
fd76140d266fbc4a15949afed4f4c0c6f29915ed

SHA256
fdf82507baa78fb7a11e6e62ac3179f53c429d6829033f38f138ed61d6479c83

SHA512
bccf2e1be0f5e1e2f1c2a199d9a082ba93c34c0a2517fe07cceb906fae110e94bd90afbf5f2475df4be778f25d40fde22c981e488adbd056fbc23244252a1153

Download Submit
memory/3424-84-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-29-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-81-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-4-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-30-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-39-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-49-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-50-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-57-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-60-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-66-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-68-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-71-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-72-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-73-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-77-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-18-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-93-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-12-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-102-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-110-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-111-0x000001C751920000-0x000001C751921000-memory.dmp

Filesize
4KB

Download
memory/3424-121-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-122-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-124-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-125-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-126-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-134-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-138-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-143-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-148-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-160-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-162-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-191-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-192-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download
memory/3424-193-0x000001C7530F0000-0x000001C7540F0000-memory.dmp

Filesize
16.0MB

Download