Overview

overview

7

Static

static

1

Hael9-1.8....er.jar

windows7-x64

1

Hael9-1.8....er.jar

windows10-2004-x64

7

Hael9-1.8.6/gradlew

ubuntu-18.04-amd64

1

Hael9-1.8.6/gradlew

debian-9-armhf

1

Hael9-1.8.6/gradlew

debian-9-mips

1

Hael9-1.8.6/gradlew

debian-9-mipsel

1

Hael9-1.8....ew.bat

windows7-x64

1

Hael9-1.8....ew.bat

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 21:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hael9-1.8.6/gradle/wrapper/gradle-wrapper.jar

  • Size

    51KB

  • MD5

    1db3d94cdf0852ca9e8a0110cbd9d7bf

  • SHA1

    7c1e9e9613f350f1797ff30013c39689c86a5325

  • SHA256

    718d7b25ea60b357fc4cb2212ce10b3f03dfd0e6fe5f23f565b15553ec46bb7e

  • SHA512

    5223ad120149d158d5496f190ccd02d6dde5881c41502d37e98dbfc81e6da430511f5570ee1291f688e4822b8b7342f9b2f17bca96f0a1ec6997ab6d2cefa614

  • SSDEEP

    1536:xxLBZ8CrnFbQsB6eh5A63c0iptK1MXXb4dYT3m4:fBWmnVJ6eh5Ab0kqWMqrj

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Hael9-1.8.6\gradle\wrapper\gradle-wrapper.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3476

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    0bd56aa51c4750a77947583d02c42571

    SHA1

    83e9aca38f4d4e22c9035dd2ade855c9a338c0df

    SHA256

    015f3116a700b1dac2f1c16d4c108cd2bef7ec9d61a1b76ed3dcf0f9e1abd47a

    SHA512

    f3f370ced64462f0dbac1f30c1f1b54fa8ac606630dc12c2ec21bb9482513c1dca882c85b1b1b7029622966ccc509f277866e76b56f59584ac4f1f4a5a8c7110

    Download Submit
  • memory/1404-4-0x000001DE12380000-0x000001DE13380000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/1404-12-0x000001DE10B70000-0x000001DE10B71000-memory.dmp
    Filesize

    4KB

    Download