356b0d87f6bed04f155feeaab0c7d2b7d867214c5c124584625f07cd8f3ec865

Resubmissions

23/04/2024, 00:04

240423-ac2gjshh67 7

Analysis

max time kernel
34s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launcher-1.0.jar
Size

6.6MB
MD5

5c38ef0322b18059377bef0fc76f2b2f
SHA1

6b9b7b5b10b38e05b665fbaa9fb2e4762fc5a37d
SHA256

356b0d87f6bed04f155feeaab0c7d2b7d867214c5c124584625f07cd8f3ec865
SHA512

e4fc9d3393a3d4f711df6b6145f83dd81912649e89c0d5cfd1900d5740a6eb145ae28232c05680ef4e0bec9b5e53f43efd479d277103ddad488a7f471809a994
SSDEEP

196608:qn3JrwbTDBDkmWt7i8heVQzSjVpAK/IpjIAUPC:q3xw3NDkmieVQzyYjWPC

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3548	icacls.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3548	2512	java.exe	92
PID 2512 wrote to memory of 3548	2512	java.exe	92

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\launcher-1.0.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6259f344e43a3d95602f15e2e3cbe9c0

SHA1
2291b6deb3db60acaaf49810b5a75e1ecf93dd23

SHA256
83fa00f48a591c9707ed23185aabbc2a838ffe53fd75188a864dfa071a7b1b80

SHA512
708a755e7cb87be014854c47ef4b0992095f9516258ed6d1a06092452aee85bc3555018526fc45ae6b37bc045bb6adc0317d2e4e408418d339778f16ab81f1ba

Download Submit
memory/2512-2-0x00000213A4F70000-0x00000213A5F70000-memory.dmp

Filesize
16.0MB

Download
memory/2512-12-0x00000213A3660000-0x00000213A3661000-memory.dmp

Filesize
4KB

Download
memory/2512-15-0x00000213A3660000-0x00000213A3661000-memory.dmp

Filesize
4KB

Download
memory/2512-23-0x00000213A4F70000-0x00000213A5F70000-memory.dmp

Filesize
16.0MB

Download
memory/2512-28-0x00000213A4F70000-0x00000213A5F70000-memory.dmp

Filesize
16.0MB

Download
memory/2512-29-0x00000213A51F0000-0x00000213A5200000-memory.dmp

Filesize
64KB

Download
memory/2512-30-0x00000213A5210000-0x00000213A5220000-memory.dmp

Filesize
64KB

Download
memory/2512-31-0x00000213A5220000-0x00000213A5230000-memory.dmp

Filesize
64KB

Download
memory/2512-32-0x00000213A5230000-0x00000213A5240000-memory.dmp

Filesize
64KB

Download
memory/2512-33-0x00000213A5240000-0x00000213A5250000-memory.dmp

Filesize
64KB

Download
memory/2512-34-0x00000213A4F70000-0x00000213A5F70000-memory.dmp

Filesize
16.0MB

Download