31ee8b1f5a729087bfcd58265b4558d9c382736e74934a18200756ac672f6005

Analysis

max time kernel
87s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
02/05/2024, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lib/jphp-xml-ext.jar
Size

19KB
MD5

0a79304556a1289aa9e6213f574f3b08
SHA1

7ee3bde3b1777bf65d4f62ce33295556223a26cd
SHA256

434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79
SHA512

1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e
SSDEEP

384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2476	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2476	2336	java.exe	81
PID 2336 wrote to memory of 2476	2336	java.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\lib\jphp-xml-ext.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
52dc179c202556cc1edb811ff926c2f0

SHA1
72103ea8adf5b0c90c8d5ce5e0c49362565493ce

SHA256
5d517c56846b7c6be961c50da10c1aba2bd0e82ce98cbefe6c4c082208eea509

SHA512
8681e97c8ed07cfa5c097d62dbf3af1f1ece8308e3c0ae1864dd96f1d8f91620807ae69de301ff514f1e25bbce8f28f0307450f69e36accc2b16d88639a4eb58

Download Submit
memory/2336-2-0x00000147AED50000-0x00000147AEFC0000-memory.dmp

Filesize
2.4MB

Download
memory/2336-11-0x00000147AD460000-0x00000147AD461000-memory.dmp

Filesize
4KB

Download
memory/2336-13-0x00000147AED50000-0x00000147AEFC0000-memory.dmp

Filesize
2.4MB

Download