cc8c65c5ee4750e78678be926b6b222f63650bdc16c95be092bae89b6c658ee8

Resubmissions

24-04-2024 16:03

240424-ths7xach78 7

24-04-2024 16:01

240424-tgnk2ach54 7

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DZLauncher.jar
Size

20.3MB
MD5

d8e97480161e7c7669a49e2a338be3f2
SHA1

5d50385ce20778c24f07bc510440ae23a2a46ef8
SHA256

cc8c65c5ee4750e78678be926b6b222f63650bdc16c95be092bae89b6c658ee8
SHA512

43d0220c8f10742b7489f88d29a8ecd8d76c1265e51c14d7eff3fc53c9108a07b8b66dfd09e665090a343c0b999fd0b30c9d8d034684df5bf147ad108a227309
SSDEEP

393216:+1jhkyWMtFu79w7dcNUea6E0MbZhGfmJ0GlUPZtTnwA:+9ttFM9W2NH1q74m+HjwA

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2036	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 2036	4936	java.exe	86
PID 4936 wrote to memory of 2036	4936	java.exe	86

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\DZLauncher.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c82659da10743217017e1251ff3a0973

SHA1
801af5433ea1a53170a1b2b50722fb1b0efcf150

SHA256
d0bed9dd587330a2f31b421e89442e8441730c5cda03d04fcdeec090911e705e

SHA512
0013c924f6850b4581c14c55462ad4a39adfac2862aeaeb81eb45998a4356c13e3aca78f6e0708992b71e935012bbfd34026ba4a083a6b4a3fd111d15df1b20b

Download Submit
memory/4936-4-0x0000029C57600000-0x0000029C58600000-memory.dmp

Filesize
16.0MB

Download
memory/4936-13-0x0000029C55D20000-0x0000029C55D21000-memory.dmp

Filesize
4KB

Download