Overview

overview

10

Static

static

10

123.bat

windows10-1703-x64

7

DCRat.exe

windows10-1703-x64

7

data/7zxa.dll

windows10-1703-x64

3

data/DCRAC.exe

windows10-1703-x64

1

data/DCRCC.exe

windows10-1703-x64

3

data/Default.exe

windows10-1703-x64

1

data/NCC2.dll

windows10-1703-x64

1

data/NCC3.dll

windows10-1703-x64

3

data/NCCheck.dll

windows10-1703-x64

1

data/Rar.exe

windows10-1703-x64

3

data/RarExt.dll

windows10-1703-x64

3

data/RarExt64.dll

windows10-1703-x64

3

data/WinCon.exe

windows10-1703-x64

1

data/Zip.exe

windows10-1703-x64

1

data/dnlib.dll

windows10-1703-x64

1

data/dotNE...le.exe

windows10-1703-x64

10

data/dotNE...or.exe

windows10-1703-x64

10

data/enc.vbe

windows10-1703-x64

1

data/upx.exe

windows10-1703-x64

7

data/wRar.exe

windows10-1703-x64

4

lib/IIIlll...lI.jar

windows10-1703-x64

7

lib/IIIlll...lI.jar

windows10-1703-x64

7

lib/IIlIlI...lI.jar

windows10-1703-x64

7

lib/IlIIlI...II.jar

windows10-1703-x64

7

lib/IlIlII...Il.jar

windows10-1703-x64

7

lib/IlIllI...Il.jar

windows10-1703-x64

7

lib/IllIII...II.jar

windows10-1703-x64

7

lib/lIIllI...Il.jar

windows10-1703-x64

7

lib/llIlII...lI.jar

windows10-1703-x64

7

plugins/BS...on.dll

windows10-1703-x64

1

plugins/Bl...in.dll

windows10-1703-x64

1

plugins/Bu...in.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    144s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-04-2024 04:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlI.jar

  • Size

    5.5MB

  • MD5

    f323bd3b1e342a856bf3036453cd01b2

  • SHA1

    a8c48a731c350d1514ddcc6a99738cb93277fe14

  • SHA256

    64bc153889ab341d4ec8e693fafe117651d3b627d1a608dad951f5b030aab26f

  • SHA512

    764e1643f2f0b2a5c64e2fd52b2ed8cb3597469ec7ea2c28c2009c0d0b1f5e1dbbcc12b6cf36e94ae7db53bb9d118cd3d33ad92de0c3e256b751c5085e3489a4

  • SSDEEP

    98304:P6AIWvMbHGfr92I0e+y4VsDcl7oDWdfV5Nxny4f4OrnFxoKl5Yggs4xZ7Br0e5u4:P6vsMCD9SDyW3ZJTLrUPjff

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlI.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1284

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    9e61b5b5c87133f502e40cdd12a35ca3

    SHA1

    8886ab139dff4e0c53fda4ef46b3c55280d5287c

    SHA256

    c3bb6e30049985744a3a310ca00c1ca781cf683f620c8593d4e2e5635081d113

    SHA512

    6c75ce76136f35ed79cb250a2d133c991d228cef2fcd5db62976785631939c2b6f02a6428d0bb79d029eb091c21f2427e59b84869c9a5b930de4635ee2439be5

    Download Submit
  • memory/4956-2-0x000001C500000000-0x000001C501000000-memory.dmp
    Filesize

    16.0MB

    Download
  • memory/4956-12-0x000001C57CBA0000-0x000001C57CBA1000-memory.dmp
    Filesize

    4KB

    Download