Overview

overview

7

Static

static

1

Exe2Image.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Exe2Image.jar

  • Size

    12KB

  • MD5

    1264ed24642d11e19e500795d790c9ee

  • SHA1

    b209d1a2407746269f2798d3abd0fb002033f87a

  • SHA256

    068958cff1a6362726a51d9a171ec0b8c149e0306702583c88e180a8bd86a7dd

  • SHA512

    3a4eb9e5c9dc752b610e60ec511aff06caefb9429d2762fb1d1e37e66b5897e003d7b61acfe8973cd8fd6ae25c0b56ae95c01a2e4e59fe2968c87bf0acb60434

  • SSDEEP

    384:dazwazRxlaCh/Q5q2Fd5KRp/7Q8SgpYNkv:davfrh/QZFHKP/YNkv

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Exe2Image.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    a05640c8944e4725ce71673bde497513

    SHA1

    bfa6447a3f948d6f4df5e23d62d0fed68eaa8307

    SHA256

    4df20d4290fae48bff2d14707158a61c2a8cabb0fb60cabfe363282d06ef21b7

    SHA512

    f6a4e284b20566a9c47294e6478e215a23b40ff093f84e84f1b6363ed97faea2de2395d90216e2770dbb760efd646874b6ffd5ab975b72641cb3f6dccf7e6437

    Download Submit

  • memory/1848-2-0x0000026304550000-0x0000026305550000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1848-15-0x0000026302C60000-0x0000026302C61000-memory.dmp

    Filesize

    4KB

    Download