19e420fa324f949c36ed0ddd6aa97d5eab890520b86947635b16faea7fb6ed31

Resubmissions

28-04-2024 18:21

240428-wzag8sdf92 7

31-05-2022 00:02

220531-abew6abfbp 10

Analysis

max time kernel
31s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PAYMENT 1567_0001.jar
Size

5KB
MD5

ae3ae22d472b3dd08af516fc826b37bb
SHA1

0bc1a94d03c44d4ddcc1458d32f91e71eb82ab43
SHA256

b5ba14af96ed4c62864c7a6659bcbebae1988edd0907c649c36b6c4ef6b67be5
SHA512

06153f7ed32e213ce1de1f255b53b9df44205e00fb9c3c7e034a018d46416f903b5aaa1c33d1d42586e7287228b3e5646f7df0c7492cb9baa1777278ee32b8f2
SSDEEP

96:boYy3vgdMyW5/Rt6jxrYWU7H7jnyM6Bq2gVwCCLNvNabUaI691avxvoeB:cYyf7z9DzfyhBqDVzYa9rapQk

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
724	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 724	2208	java.exe	86
PID 2208 wrote to memory of 724	2208	java.exe	86

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\PAYMENT 1567_0001.jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c7e698fb8d2a88c022c87c67d2dd327a

SHA1
3d13578777e7d84c875d9f826dfa5fdda6e5890c

SHA256
d08743789b7828fa13ce572b60102f7309e985999b1f30d995577bacd660518d

SHA512
9abe8aacbef015598c8ed54851c43da35343e1c75e56e2d55678337725061ff12d5f5f13579093782e690450abc432eb9262679320218d66d4731d314d42cee3

Download Submit
memory/2208-34-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-12-0x000002F3410E0000-0x000002F3410E1000-memory.dmp

Filesize
4KB

Download
memory/2208-27-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-31-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-33-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-10-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-35-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-40-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-41-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-42-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-43-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-44-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-45-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download
memory/2208-47-0x000002F3428F0000-0x000002F3438F0000-memory.dmp

Filesize
16.0MB

Download