Overview
overview
7Static
static
1Hael9-1.8....er.jar
windows7-x64
1Hael9-1.8....er.jar
windows10-2004-x64
7Hael9-1.8.6/gradlew
ubuntu-18.04-amd64
1Hael9-1.8.6/gradlew
debian-9-armhf
1Hael9-1.8.6/gradlew
debian-9-mips
1Hael9-1.8.6/gradlew
debian-9-mipsel
1Hael9-1.8....ew.bat
windows7-x64
1Hael9-1.8....ew.bat
windows10-2004-x64
7Analysis
-
max time kernel
125s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
20-04-2024 21:58
Static task
static1
Behavioral task
behavioral1
Sample
Hael9-1.8.6/gradle/wrapper/gradle-wrapper.jar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Hael9-1.8.6/gradle/wrapper/gradle-wrapper.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
Hael9-1.8.6/gradlew
Resource
ubuntu1804-amd64-20240226-en
Behavioral task
behavioral4
Sample
Hael9-1.8.6/gradlew
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral5
Sample
Hael9-1.8.6/gradlew
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral6
Sample
Hael9-1.8.6/gradlew
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral7
Sample
Hael9-1.8.6/gradlew.bat
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Hael9-1.8.6/gradlew.bat
Resource
win10v2004-20240412-en
General
-
Target
Hael9-1.8.6/gradle/wrapper/gradle-wrapper.jar
-
Size
51KB
-
MD5
1db3d94cdf0852ca9e8a0110cbd9d7bf
-
SHA1
7c1e9e9613f350f1797ff30013c39689c86a5325
-
SHA256
718d7b25ea60b357fc4cb2212ce10b3f03dfd0e6fe5f23f565b15553ec46bb7e
-
SHA512
5223ad120149d158d5496f190ccd02d6dde5881c41502d37e98dbfc81e6da430511f5570ee1291f688e4822b8b7342f9b2f17bca96f0a1ec6997ab6d2cefa614
-
SSDEEP
1536:xxLBZ8CrnFbQsB6eh5A63c0iptK1MXXb4dYT3m4:fBWmnVJ6eh5Ab0kqWMqrj
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
java.exedescription pid process target process PID 1404 wrote to memory of 3476 1404 java.exe icacls.exe PID 1404 wrote to memory of 3476 1404 java.exe icacls.exe
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\Hael9-1.8.6\gradle\wrapper\gradle-wrapper.jar1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestampFilesize
46B
MD50bd56aa51c4750a77947583d02c42571
SHA183e9aca38f4d4e22c9035dd2ade855c9a338c0df
SHA256015f3116a700b1dac2f1c16d4c108cd2bef7ec9d61a1b76ed3dcf0f9e1abd47a
SHA512f3f370ced64462f0dbac1f30c1f1b54fa8ac606630dc12c2ec21bb9482513c1dca882c85b1b1b7029622966ccc509f277866e76b56f59584ac4f1f4a5a8c7110
-
memory/1404-4-0x000001DE12380000-0x000001DE13380000-memory.dmpFilesize
16.0MB
-
memory/1404-12-0x000001DE10B70000-0x000001DE10B71000-memory.dmpFilesize
4KB