a51dd83fb2f8ab618515855475f83188b18872db105b624ec4f40a444e09e818

Analysis

max time kernel
146s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240412-uk
resource tags

arch:x64arch:x86image:win10v2004-20240412-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
15-04-2024 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apktool/apktool.jar
Size

8.9MB
MD5

a15507953bd9b89c2d6570f46fb1f774
SHA1

261a8e68c72b0ebf70894c40b3c35176a66d86fe
SHA256

0e543660bf2d16fe7c543d4034ef505a6ddccb883416c8aa68d1a1d779b057f2
SHA512

eb519a94a4aecc1358f4a1cc84e03c772d8b59edf8b5e37956a756f0cc2673c5d9d976ad6796543db74cf187763077b4bbcd0519e7f7be845c0e9874d4862353
SSDEEP

196608:lIkbXnl3I3rmGQFTbuGzuJVzNfaTWkxQcGhiO:lIw+mGyTNzuJNkTWk0

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1660 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 1764 wrote to memory of 1660 1764 java.exe icacls.exe
PID 1764 wrote to memory of 1660 1764 java.exe icacls.exe

pid	process
1660	icacls.exe

description	pid	process	target process
PID 1764 wrote to memory of 1660	1764	java.exe	icacls.exe
PID 1764 wrote to memory of 1660	1764	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\apktool\apktool.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1764

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1660

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
ff4ab87644469d69df864fab201a8d35

SHA1
a2848aa1bfbf885d2c7923815a07cbe692d77d2c

SHA256
41aefcb2dc4fe7ab3b2218fcab4d1ca87fa14e50d1a831c89369a67ad446830b

SHA512
983d5d069a019e4986ac3f8b46cdfe43eba8d628058bbeaaaf510f49d78d26ea29d60f335bfb1e4b10f12145af87ef09a39d884b69ec6427caaab887327357f6

Download Submit
memory/1764-2-0x000001F10F650000-0x000001F110650000-memory.dmp

Filesize
16.0MB

Download
memory/1764-12-0x000001F10F630000-0x000001F10F631000-memory.dmp

Filesize
4KB

Download
memory/1764-16-0x000001F10F630000-0x000001F10F631000-memory.dmp

Filesize
4KB

Download