Overview

overview

7

Static

static

1

CLion激活.vbs

windows7-x64

1

CLion激活.vbs

windows10-2004-x64

1

DataGrip激活.vbs

windows7-x64

1

DataGrip激活.vbs

windows10-2004-x64

1

DataSpell激活.vbs

windows7-x64

1

DataSpell激活.vbs

windows10-2004-x64

1

GoLand激活.vbs

windows7-x64

1

GoLand激活.vbs

windows10-2004-x64

1

IDEA激活.vbs

windows7-x64

1

IDEA激活.vbs

windows10-2004-x64

1

PhpStorm激活.vbs

windows7-x64

1

PhpStorm激活.vbs

windows10-2004-x64

1

PyCharm激活.vbs

windows7-x64

1

PyCharm激活.vbs

windows10-2004-x64

1

Rider激活.vbs

windows7-x64

1

Rider激活.vbs

windows10-2004-x64

1

WebStorm激活.vbs

windows7-x64

1

WebStorm激活.vbs

windows10-2004-x64

1

active-agt.jar

windows7-x64

1

active-agt.jar

windows10-2004-x64

7

plugins/dns.jar

windows7-x64

1

plugins/dns.jar

windows10-2004-x64

7

plugins/hideme.jar

windows7-x64

1

plugins/hideme.jar

windows10-2004-x64

7

plugins/power.jar

windows7-x64

1

plugins/power.jar

windows10-2004-x64

7

plugins/url.jar

windows7-x64

1

plugins/url.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    55s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    plugins/dns.jar

  • Size

    4KB

  • MD5

    4f3c516c1704a5569725246d57dd1ae7

  • SHA1

    4e8693b5a7a3837cf7f6db0c4f1316f376d34721

  • SHA256

    d1150b1831b112b93d74a34a10ce6c11606e0d2255d532c29f91f1d92b40a552

  • SHA512

    f885fc751e9035944489578bb037f05521c6258c377c0c7bf8b8d10b799063e6e529c715ecebf9729724f0497f588803d7d463fbb70f5efbd73952624f60d08e

  • SSDEEP

    96:LSyBi1RBhx1yI/OEEKXejuu9lSx/xowSpTz7g8nJfTfTX:LSx1RBhx1y0OPhox/6fpTvgeRTfTX

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\plugins\dns.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    2a9663f20ae3d9e430e2a85b34912410

    SHA1

    38dea5ea65598d55b030478d0d781547f79c6bbb

    SHA256

    392fb28397e784a2eb3aea841351055cf8431838d3f933cdf34bf38588a711d5

    SHA512

    6a531355f600ed936b88f9f994497413c1ad56f9cdaa3598bdbf29b4899597395fe9ccbfce21d74e2997aeb322159c558c787c7a827d9260c65a331164a0267f

    Download Submit

  • memory/4800-11-0x0000026EC0E60000-0x0000026EC0E61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4800-10-0x0000026EC0E80000-0x0000026EC1E80000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4800-13-0x0000026EC0E80000-0x0000026EC1E80000-memory.dmp

    Filesize

    16.0MB

    Download