Overview

overview

7

Static

static

1

apktool_2.9.3.jar

windows7-x64

1

apktool_2.9.3.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apktool_2.9.3.jar

  • Size

    22.2MB

  • MD5

    e28e4b4a413a252617d92b657a33c947

  • SHA1

    0cbafb8be18382745fbbfd9c1faf28351e339005

  • SHA256

    7956eb04194300ce0d0a84ad18771eebc94b89fb8d1ddcce8ea4c056818646f4

  • SHA512

    c4867b62c4dbe2b03ffa4f28458138541dc765aafeef84becc9a10d001e67bf6c49a6dab54b0ac6c292bac65c50764efe17d8c7ff6bdf26dc4e960042a8f4162

  • SSDEEP

    393216:rmpwG7YAENU4UTzO3uGhgmdfPQegpla49w9kdtByBfZkIq/EYDlsBbjYS:apwoQjUK3H9hPBgza49ykdWBfZkIUE0y

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\apktool_2.9.3.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4872
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3408
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\apktool_2.9.3.jar"
      1⤵
        PID:5008
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        1⤵
        • Checks computer location settings
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:4620
        • C:\Program Files\Java\jre-1.8\bin\javaw.exe
          "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\apktool_2.9.3.jar"
          2⤵
            PID:2248
          • C:\Program Files\Java\jre-1.8\bin\javaw.exe
            "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\apktool_2.9.3.jar" -h
            2⤵
              PID:4588

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
            Filesize

            46B

            MD5

            c7f925fe3afc77a1fb1d1c35d52f4cde

            SHA1

            ae932abe7658d59f018bc2640d273adf20fc1162

            SHA256

            ff0f94a9201ff01d0787bb0c29212a0b60bd5c14e130e06bc3f624dcb3c9520d

            SHA512

            73d84ce087080cc103a527cbc874538f944f3e31db6b8152003f0bd7d9cc7193e7dd56884b1d6ea15b4fb71cc933d9af9dc05d330382ce5077a682a049a9ce44

            Download Submit

          • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
            Filesize

            46B

            MD5

            6cf15153032c7e6f5ce167b393bc5f18

            SHA1

            edea2f5b5094e6183c32be74d2dfb19a1c8fe42b

            SHA256

            868505e11ed231a7c9a12b67ea3aa1c12613e5ec866070ec58feb4a95934f315

            SHA512

            2210b9e2fccdd5e5f677b5fcaf7638ea30042c9d201a225dd9dd66bcaa294ed8fc473eb43de31bccc90648b2cb18a582ec227cc1a4a3ee68394fc3676592aa00

            Download Submit

          • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
            Filesize

            46B

            MD5

            568a26b513a7586be343fb083cbc60e6

            SHA1

            402761da186a71b05754d31349612515c1aa622f

            SHA256

            e4f9557d04d11040460c14cfd12f8bc3f5a35db4edcec4474ace6b4d9d21fae7

            SHA512

            4822b5474d12e6e5f7fecdb9fa09507e84981af5a6b6fb1b1cef19afdc408b4352d849c253a3e7f67c342f1da6ddfdda4e023a150e85866f27e6368b471aa4d3

            Download Submit

          • memory/2248-42-0x0000025D86670000-0x0000025D87670000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/2248-49-0x0000025D86650000-0x0000025D86651000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2248-45-0x0000025D86650000-0x0000025D86651000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4588-55-0x000001B380000000-0x000001B381000000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/4588-62-0x000001B3F3D90000-0x000001B3F3D91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4588-64-0x000001B3F3D90000-0x000001B3F3D91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4816-15-0x000001DC075C0000-0x000001DC075C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4816-4-0x000001DC08DE0000-0x000001DC09DE0000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/4816-12-0x000001DC075C0000-0x000001DC075C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5008-32-0x000002A0133F0000-0x000002A0133F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5008-28-0x000002A0133F0000-0x000002A0133F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5008-27-0x000002A0133F0000-0x000002A0133F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5008-24-0x000002A014CC0000-0x000002A015CC0000-memory.dmp

            Filesize

            16.0MB

            Download