43d005cf6b3c5883e6a5bca5aa4863ad46477b0b79f68dc0a907dd8cfaf280e2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sorillus-Launcher v1.1.exe
Size

1.2MB
MD5

85cecea8cd99baa57decdeddd6c7f800
SHA1

43af40ab8eb41cb02fed8d223c5098e2fb15c2d8
SHA256

43d005cf6b3c5883e6a5bca5aa4863ad46477b0b79f68dc0a907dd8cfaf280e2
SHA512

d104dae2510cbe79a2b7a21e7156d80ed2a131ef701204590f8e739145ffa8c9cf1985c9f1360816788e62ff378ef3b7c80c7badec66e65fd30364f0ee0f633a
SSDEEP

24576:vPZl0enBpHMy5zUdw4GRqemkilngx69BVx2YqXId228r9AtyeeSyj:wSGy5zOw4hVh10W4Y+r9Aty/

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3428	javaw.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4424	icacls.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4252	wmic.exe
Token: SeSecurityPrivilege	4252	wmic.exe
Token: SeTakeOwnershipPrivilege	4252	wmic.exe
Token: SeLoadDriverPrivilege	4252	wmic.exe
Token: SeSystemProfilePrivilege	4252	wmic.exe
Token: SeSystemtimePrivilege	4252	wmic.exe
Token: SeProfSingleProcessPrivilege	4252	wmic.exe
Token: SeIncBasePriorityPrivilege	4252	wmic.exe
Token: SeCreatePagefilePrivilege	4252	wmic.exe
Token: SeBackupPrivilege	4252	wmic.exe
Token: SeRestorePrivilege	4252	wmic.exe
Token: SeShutdownPrivilege	4252	wmic.exe
Token: SeDebugPrivilege	4252	wmic.exe
Token: SeSystemEnvironmentPrivilege	4252	wmic.exe
Token: SeRemoteShutdownPrivilege	4252	wmic.exe
Token: SeUndockPrivilege	4252	wmic.exe
Token: SeManageVolumePrivilege	4252	wmic.exe
Token: 33	4252	wmic.exe
Token: 34	4252	wmic.exe
Token: 35	4252	wmic.exe
Token: 36	4252	wmic.exe
Token: SeIncreaseQuotaPrivilege	4252	wmic.exe
Token: SeSecurityPrivilege	4252	wmic.exe
Token: SeTakeOwnershipPrivilege	4252	wmic.exe
Token: SeLoadDriverPrivilege	4252	wmic.exe
Token: SeSystemProfilePrivilege	4252	wmic.exe
Token: SeSystemtimePrivilege	4252	wmic.exe
Token: SeProfSingleProcessPrivilege	4252	wmic.exe
Token: SeIncBasePriorityPrivilege	4252	wmic.exe
Token: SeCreatePagefilePrivilege	4252	wmic.exe
Token: SeBackupPrivilege	4252	wmic.exe
Token: SeRestorePrivilege	4252	wmic.exe
Token: SeShutdownPrivilege	4252	wmic.exe
Token: SeDebugPrivilege	4252	wmic.exe
Token: SeSystemEnvironmentPrivilege	4252	wmic.exe
Token: SeRemoteShutdownPrivilege	4252	wmic.exe
Token: SeUndockPrivilege	4252	wmic.exe
Token: SeManageVolumePrivilege	4252	wmic.exe
Token: 33	4252	wmic.exe
Token: 34	4252	wmic.exe
Token: 35	4252	wmic.exe
Token: 36	4252	wmic.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3428	javaw.exe
3428	javaw.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3428	2044	Sorillus-Launcher v1.1.exe	82
PID 2044 wrote to memory of 3428	2044	Sorillus-Launcher v1.1.exe	82
PID 3428 wrote to memory of 4424	3428	javaw.exe	85
PID 3428 wrote to memory of 4424	3428	javaw.exe	85
PID 3428 wrote to memory of 4252	3428	javaw.exe	90
PID 3428 wrote to memory of 4252	3428	javaw.exe	90

C:\Users\Admin\AppData\Local\Temp\Sorillus-Launcher v1.1.exe
"C:\Users\Admin\AppData\Local\Temp\Sorillus-Launcher v1.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Djavafx.animation.fullspeed=true -jar "C:\Users\Admin\AppData\Local\Temp\Sorillus-Launcher v1.1.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:4424
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get UUID
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
e827291d23a7228b2cea29376fe0537f

SHA1
5f981d0a2a9319f914550798f41fc4ffd7308e53

SHA256
a402b2924f3a4314f613ba58d9c1302f2b666c3cabc758ca5d66527598d3e14f

SHA512
6eff88cc7098702aa2749f0fd63e2ee3d3b1c873030442e0c339fbd0bcaf13bd6cb88ebd29e0bde741a8c0d236ec0724f0a30fc44f8805bcdc62e9d32a3cffcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4534272956900.dll

Filesize
9KB

MD5
b0366e31f3704da1e9552633a07f77db

SHA1
fd3058cc08a5e00b56301dc44e0e05854a5e55ea

SHA256
18f1f5afec89f152afe1c57cffe9a77c158d840f6e00ec7a343b685caa3d8853

SHA512
d8e621eb9b15103a70544affbd7e3fdf52fe14bdae754fd9551508ed8785d53b6205082de41a575acffe5d1c80d419eda16d79834fdbad9cc8df798dcaa4eaa4

Download Submit
memory/2044-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3428-3-0x0000022D154E0000-0x0000022D15750000-memory.dmp

Filesize
2.4MB

Download
memory/3428-16-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download
memory/3428-20-0x0000022D15760000-0x0000022D15770000-memory.dmp

Filesize
64KB

Download
memory/3428-19-0x0000022D15750000-0x0000022D15760000-memory.dmp

Filesize
64KB

Download
memory/3428-22-0x0000022D15770000-0x0000022D15780000-memory.dmp

Filesize
64KB

Download
memory/3428-24-0x0000022D15780000-0x0000022D15790000-memory.dmp

Filesize
64KB

Download
memory/3428-30-0x0000022D157B0000-0x0000022D157C0000-memory.dmp

Filesize
64KB

Download
memory/3428-29-0x0000022D157A0000-0x0000022D157B0000-memory.dmp

Filesize
64KB

Download
memory/3428-28-0x0000022D15790000-0x0000022D157A0000-memory.dmp

Filesize
64KB

Download
memory/3428-36-0x0000022D157C0000-0x0000022D157D0000-memory.dmp

Filesize
64KB

Download
memory/3428-39-0x0000022D157F0000-0x0000022D15800000-memory.dmp

Filesize
64KB

Download
memory/3428-38-0x0000022D157E0000-0x0000022D157F0000-memory.dmp

Filesize
64KB

Download
memory/3428-40-0x0000022D15800000-0x0000022D15810000-memory.dmp

Filesize
64KB

Download
memory/3428-37-0x0000022D157D0000-0x0000022D157E0000-memory.dmp

Filesize
64KB

Download
memory/3428-43-0x0000022D15810000-0x0000022D15820000-memory.dmp

Filesize
64KB

Download
memory/3428-46-0x0000022D154E0000-0x0000022D15750000-memory.dmp

Filesize
2.4MB

Download
memory/3428-49-0x0000022D15830000-0x0000022D15840000-memory.dmp

Filesize
64KB

Download
memory/3428-48-0x0000022D15840000-0x0000022D15850000-memory.dmp

Filesize
64KB

Download
memory/3428-47-0x0000022D15820000-0x0000022D15830000-memory.dmp

Filesize
64KB

Download
memory/3428-53-0x0000022D15850000-0x0000022D15860000-memory.dmp

Filesize
64KB

Download
memory/3428-59-0x0000022D15870000-0x0000022D15880000-memory.dmp

Filesize
64KB

Download
memory/3428-57-0x0000022D15770000-0x0000022D15780000-memory.dmp

Filesize
64KB

Download
memory/3428-56-0x0000022D15860000-0x0000022D15870000-memory.dmp

Filesize
64KB

Download
memory/3428-55-0x0000022D15760000-0x0000022D15770000-memory.dmp

Filesize
64KB

Download
memory/3428-52-0x0000022D15750000-0x0000022D15760000-memory.dmp

Filesize
64KB

Download
memory/3428-61-0x0000022D15880000-0x0000022D15890000-memory.dmp

Filesize
64KB

Download
memory/3428-60-0x0000022D15780000-0x0000022D15790000-memory.dmp

Filesize
64KB

Download
memory/3428-68-0x0000022D15890000-0x0000022D158A0000-memory.dmp

Filesize
64KB

Download
memory/3428-67-0x0000022D157B0000-0x0000022D157C0000-memory.dmp

Filesize
64KB

Download
memory/3428-66-0x0000022D157A0000-0x0000022D157B0000-memory.dmp

Filesize
64KB

Download
memory/3428-65-0x0000022D15790000-0x0000022D157A0000-memory.dmp

Filesize
64KB

Download
memory/3428-74-0x0000022D157E0000-0x0000022D157F0000-memory.dmp

Filesize
64KB

Download
memory/3428-73-0x0000022D157D0000-0x0000022D157E0000-memory.dmp

Filesize
64KB

Download
memory/3428-77-0x0000022D158A0000-0x0000022D158B0000-memory.dmp

Filesize
64KB

Download
memory/3428-76-0x0000022D15800000-0x0000022D15810000-memory.dmp

Filesize
64KB

Download
memory/3428-75-0x0000022D157F0000-0x0000022D15800000-memory.dmp

Filesize
64KB

Download
memory/3428-72-0x0000022D157C0000-0x0000022D157D0000-memory.dmp

Filesize
64KB

Download
memory/3428-82-0x0000022D158B0000-0x0000022D158C0000-memory.dmp

Filesize
64KB

Download
memory/3428-83-0x0000022D158C0000-0x0000022D158D0000-memory.dmp

Filesize
64KB

Download
memory/3428-84-0x0000022D158D0000-0x0000022D158E0000-memory.dmp

Filesize
64KB

Download
memory/3428-86-0x0000022D15810000-0x0000022D15820000-memory.dmp

Filesize
64KB

Download
memory/3428-87-0x0000022D158E0000-0x0000022D158F0000-memory.dmp

Filesize
64KB

Download
memory/3428-95-0x0000022D15910000-0x0000022D15920000-memory.dmp

Filesize
64KB

Download
memory/3428-94-0x0000022D15900000-0x0000022D15910000-memory.dmp

Filesize
64KB

Download
memory/3428-93-0x0000022D158F0000-0x0000022D15900000-memory.dmp

Filesize
64KB

Download
memory/3428-92-0x0000022D15840000-0x0000022D15850000-memory.dmp

Filesize
64KB

Download
memory/3428-91-0x0000022D15820000-0x0000022D15830000-memory.dmp

Filesize
64KB

Download
memory/3428-99-0x0000022D15920000-0x0000022D15930000-memory.dmp

Filesize
64KB

Download
memory/3428-98-0x0000022D15830000-0x0000022D15840000-memory.dmp

Filesize
64KB

Download
memory/3428-100-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download
memory/3428-104-0x0000022D15930000-0x0000022D15940000-memory.dmp

Filesize
64KB

Download
memory/3428-103-0x0000022D15850000-0x0000022D15860000-memory.dmp

Filesize
64KB

Download
memory/3428-110-0x0000022D15940000-0x0000022D15950000-memory.dmp

Filesize
64KB

Download
memory/3428-109-0x0000022D15860000-0x0000022D15870000-memory.dmp

Filesize
64KB

Download
memory/3428-112-0x0000022D15870000-0x0000022D15880000-memory.dmp

Filesize
64KB

Download
memory/3428-113-0x0000022D15950000-0x0000022D15960000-memory.dmp

Filesize
64KB

Download
memory/3428-122-0x0000022D15960000-0x0000022D15970000-memory.dmp

Filesize
64KB

Download
memory/3428-121-0x0000022D15880000-0x0000022D15890000-memory.dmp

Filesize
64KB

Download
memory/3428-129-0x0000022D15890000-0x0000022D158A0000-memory.dmp

Filesize
64KB

Download
memory/3428-130-0x0000022D15970000-0x0000022D15980000-memory.dmp

Filesize
64KB

Download
memory/3428-132-0x0000022D158A0000-0x0000022D158B0000-memory.dmp

Filesize
64KB

Download
memory/3428-133-0x0000022D15980000-0x0000022D15990000-memory.dmp

Filesize
64KB

Download
memory/3428-134-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download
memory/3428-139-0x0000022D15990000-0x0000022D159A0000-memory.dmp

Filesize
64KB

Download
memory/3428-138-0x0000022D158D0000-0x0000022D158E0000-memory.dmp

Filesize
64KB

Download
memory/3428-137-0x0000022D158C0000-0x0000022D158D0000-memory.dmp

Filesize
64KB

Download
memory/3428-136-0x0000022D158B0000-0x0000022D158C0000-memory.dmp

Filesize
64KB

Download
memory/3428-142-0x0000022D159A0000-0x0000022D159B0000-memory.dmp

Filesize
64KB

Download
memory/3428-141-0x0000022D158E0000-0x0000022D158F0000-memory.dmp

Filesize
64KB

Download
memory/3428-145-0x0000022D15900000-0x0000022D15910000-memory.dmp

Filesize
64KB

Download
memory/3428-147-0x0000022D159B0000-0x0000022D159C0000-memory.dmp

Filesize
64KB

Download
memory/3428-146-0x0000022D15910000-0x0000022D15920000-memory.dmp

Filesize
64KB

Download
memory/3428-144-0x0000022D158F0000-0x0000022D15900000-memory.dmp

Filesize
64KB

Download
memory/3428-150-0x0000022D15920000-0x0000022D15930000-memory.dmp

Filesize
64KB

Download
memory/3428-151-0x0000022D159C0000-0x0000022D159D0000-memory.dmp

Filesize
64KB

Download
memory/3428-156-0x0000022D159E0000-0x0000022D159F0000-memory.dmp

Filesize
64KB

Download
memory/3428-155-0x0000022D159D0000-0x0000022D159E0000-memory.dmp

Filesize
64KB

Download
memory/3428-154-0x0000022D15930000-0x0000022D15940000-memory.dmp

Filesize
64KB

Download
memory/3428-159-0x0000022D159F0000-0x0000022D15A00000-memory.dmp

Filesize
64KB

Download
memory/3428-158-0x0000022D15940000-0x0000022D15950000-memory.dmp

Filesize
64KB

Download
memory/3428-162-0x0000022D15A00000-0x0000022D15A10000-memory.dmp

Filesize
64KB

Download
memory/3428-161-0x0000022D15950000-0x0000022D15960000-memory.dmp

Filesize
64KB

Download
memory/3428-165-0x0000022D15A10000-0x0000022D15A20000-memory.dmp

Filesize
64KB

Download
memory/3428-164-0x0000022D15960000-0x0000022D15970000-memory.dmp

Filesize
64KB

Download
memory/3428-168-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download
memory/3428-169-0x0000022D15970000-0x0000022D15980000-memory.dmp

Filesize
64KB

Download
memory/3428-170-0x0000022D15A20000-0x0000022D15A30000-memory.dmp

Filesize
64KB

Download
memory/3428-173-0x0000022D15A30000-0x0000022D15A40000-memory.dmp

Filesize
64KB

Download
memory/3428-172-0x0000022D15980000-0x0000022D15990000-memory.dmp

Filesize
64KB

Download
memory/3428-175-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download
memory/3428-177-0x0000022D15990000-0x0000022D159A0000-memory.dmp

Filesize
64KB

Download
memory/3428-180-0x0000022D159A0000-0x0000022D159B0000-memory.dmp

Filesize
64KB

Download
memory/3428-181-0x0000022D159B0000-0x0000022D159C0000-memory.dmp

Filesize
64KB

Download
memory/3428-182-0x0000022D15A40000-0x0000022D15A50000-memory.dmp

Filesize
64KB

Download
memory/3428-185-0x0000022D15A50000-0x0000022D15A60000-memory.dmp

Filesize
64KB

Download
memory/3428-184-0x0000022D159C0000-0x0000022D159D0000-memory.dmp

Filesize
64KB

Download
memory/3428-187-0x0000022D159D0000-0x0000022D159E0000-memory.dmp

Filesize
64KB

Download
memory/3428-189-0x0000022D15A60000-0x0000022D15A70000-memory.dmp

Filesize
64KB

Download
memory/3428-188-0x0000022D159E0000-0x0000022D159F0000-memory.dmp

Filesize
64KB

Download
memory/3428-192-0x0000022D159F0000-0x0000022D15A00000-memory.dmp

Filesize
64KB

Download
memory/3428-193-0x0000022D15A70000-0x0000022D15A80000-memory.dmp

Filesize
64KB

Download
memory/3428-202-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download
memory/3428-216-0x0000022D154C0000-0x0000022D154C1000-memory.dmp

Filesize
4KB

Download