7b5467ae9d8879f9c1d51783fc2c586530670747fec54932d85e366cc28b0861

Analysis

max time kernel
135s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1eaf599e964316c034d4026810794f67_JaffaCakes118.jar
Size

1KB
MD5

1eaf599e964316c034d4026810794f67
SHA1

1230a74e348bcc91af8b0f5493af29b29b8d8111
SHA256

7b5467ae9d8879f9c1d51783fc2c586530670747fec54932d85e366cc28b0861
SHA512

3174860dd2ba85f68e49f5885322ad0ee8d7d53b26e75f76e35cc32c0b8936acafc655ed3aef567736132949c15a313f7f083aaefec5714635b9fe0cf03c9ea9

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4448	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 4448	852	java.exe	87
PID 852 wrote to memory of 4448	852	java.exe	87

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\1eaf599e964316c034d4026810794f67_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9b61813b85f7068d8e28e4be2fceb7c7

SHA1
d6cdf3d21e1623a21757364cf032528eea651267

SHA256
347bba4124deaaef084aa980e8f3dc8f44f05cb995b5db9057de62187b302382

SHA512
dfdd7f5136fdf6e7c1c767f8716b2876217cbd8a5a193e62f155b45901ffccdc4f6afdf3da06126b0e85db0adfa3793de540f191d79ccfaf343a9bf6daae68f8

Download Submit
memory/852-2-0x0000020FC23A0000-0x0000020FC2610000-memory.dmp

Filesize
2.4MB

Download
memory/852-12-0x0000020FC2380000-0x0000020FC2381000-memory.dmp

Filesize
4KB

Download
memory/852-13-0x0000020FC23A0000-0x0000020FC2610000-memory.dmp

Filesize
2.4MB

Download