96411231a3db323ccb53de3dad0fd7714b0140dd9284cabaf4eddd22055ae047

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 02:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02362d56f961ab2b33ff57b6ee602480_JaffaCakes118.jar
Size

452KB
MD5

02362d56f961ab2b33ff57b6ee602480
SHA1

817f42dc9027f7870afa365bb25ade7f9cf8155f
SHA256

96411231a3db323ccb53de3dad0fd7714b0140dd9284cabaf4eddd22055ae047
SHA512

2533d59feeddb52c17f6259f267cc84f980a7ef0e69ba0913532393d7596cf696ce97371ec620fb9b517fcdd256e9b645fcf906652486cb104a3538320ad4a40
SSDEEP

12288:Ijyi0Ag8FvIve36hcRddSPtGD48JrUASeB8wFrGFfLjs19gCpfZpZMcr7yuBByTy:eoramzDuKNPZ/aUrtUJTAq9

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4152	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 4152	4256	java.exe	84
PID 4256 wrote to memory of 4152	4256	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\02362d56f961ab2b33ff57b6ee602480_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
35b9d129bb92cce274cd5de200282836

SHA1
1c4eed84f0f22b191c29eb5bd2c7d322235810f6

SHA256
f9f4e21cc1054d7c4c5b8bbc6aef233467c75bbb1fdd81653cc0f8871fa10ba0

SHA512
d3ff2b6566f3ad28f3c3d93f3aff19ac2bed920d81a9b3569cb5edd8db96466cb63fcdb95abee370731e1a2111e9054f66df6d48feee3f5fa3a37287161cb123

Download Submit
memory/4256-36-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-12-0x000001E852100000-0x000001E852101000-memory.dmp

Filesize
4KB

Download
memory/4256-21-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-33-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-35-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-9-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-37-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-39-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-40-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-41-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-42-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download
memory/4256-43-0x000001E8539D0000-0x000001E8549D0000-memory.dmp

Filesize
16.0MB

Download