000cb4373ce83f5e828b4ed209ae85ef97a819f0d6724e27a930be7c0f589107

Analysis

max time kernel
1800s
max time network
1179s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

svhi1wt5.jar
Size

2.3MB
MD5

c3233eb0f0216752a546ae6ca551ff37
SHA1

66cffb233e75078558750b2b5717b448fc2a9e29
SHA256

000cb4373ce83f5e828b4ed209ae85ef97a819f0d6724e27a930be7c0f589107
SHA512

be4f13994490e38d031d2d1d7675e7e87e77778f619b7f77c5e7c04e1cfd566aa074ec0488cc68c5625b4492ae60ddf6e31667783a07e80d15ee2e6b221e1c6f
SSDEEP

49152:vEDD8ICikBd0+gU2qw+mSUTgy+PI1FLVTxBE7a9S:vk85BYH+7Uky9FYES

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3680	icacls.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe
2692	java.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe
Token: SeDebugPrivilege	2692	java.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2692	java.exe
2692	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3680	2692	java.exe	84
PID 2692 wrote to memory of 3680	2692	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\svhi1wt5.jar
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
41505c3d01b366135750c2719b461e4e

SHA1
332f895b8d558a9b4f397c91307078a2236052cd

SHA256
a12c4ee841bcdd7e41e80652b8e5a369114cabc9e74db5228b9e2f01e4bcb583

SHA512
1bb332d3af4e532ce950a887ea03c42a08a8ceaa12be7d6bc4b7e076911f6c7409df7d876519955bed920ee641733b9785160111e3061837f15b03978ca27067

Download Submit
memory/2692-2-0x0000020F5FC70000-0x0000020F5FEE0000-memory.dmp

Filesize
2.4MB

Download
memory/2692-20-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-23-0x0000020F5FEE0000-0x0000020F5FEF0000-memory.dmp

Filesize
64KB

Download
memory/2692-25-0x0000020F5FEF0000-0x0000020F5FF00000-memory.dmp

Filesize
64KB

Download
memory/2692-29-0x0000020F5FF00000-0x0000020F5FF10000-memory.dmp

Filesize
64KB

Download
memory/2692-30-0x0000020F5FF10000-0x0000020F5FF20000-memory.dmp

Filesize
64KB

Download
memory/2692-28-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-32-0x0000020F5FF20000-0x0000020F5FF30000-memory.dmp

Filesize
64KB

Download
memory/2692-34-0x0000020F5FF30000-0x0000020F5FF40000-memory.dmp

Filesize
64KB

Download
memory/2692-36-0x0000020F5FF40000-0x0000020F5FF50000-memory.dmp

Filesize
64KB

Download
memory/2692-40-0x0000020F5FF50000-0x0000020F5FF60000-memory.dmp

Filesize
64KB

Download
memory/2692-41-0x0000020F5FF60000-0x0000020F5FF70000-memory.dmp

Filesize
64KB

Download
memory/2692-49-0x0000020F5FFA0000-0x0000020F5FFB0000-memory.dmp

Filesize
64KB

Download
memory/2692-48-0x0000020F5FF90000-0x0000020F5FFA0000-memory.dmp

Filesize
64KB

Download
memory/2692-47-0x0000020F5FF80000-0x0000020F5FF90000-memory.dmp

Filesize
64KB

Download
memory/2692-46-0x0000020F5FF70000-0x0000020F5FF80000-memory.dmp

Filesize
64KB

Download
memory/2692-56-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-58-0x0000020F5FFD0000-0x0000020F5FFE0000-memory.dmp

Filesize
64KB

Download
memory/2692-57-0x0000020F5FFC0000-0x0000020F5FFD0000-memory.dmp

Filesize
64KB

Download
memory/2692-55-0x0000020F5FFB0000-0x0000020F5FFC0000-memory.dmp

Filesize
64KB

Download
memory/2692-62-0x0000020F5FC70000-0x0000020F5FEE0000-memory.dmp

Filesize
2.4MB

Download
memory/2692-65-0x0000020F5FEE0000-0x0000020F5FEF0000-memory.dmp

Filesize
64KB

Download
memory/2692-64-0x0000020F5FFF0000-0x0000020F60000000-memory.dmp

Filesize
64KB

Download
memory/2692-63-0x0000020F5FFE0000-0x0000020F5FFF0000-memory.dmp

Filesize
64KB

Download
memory/2692-71-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-70-0x0000020F60000000-0x0000020F60010000-memory.dmp

Filesize
64KB

Download
memory/2692-69-0x0000020F5FEF0000-0x0000020F5FF00000-memory.dmp

Filesize
64KB

Download
memory/2692-75-0x0000020F60010000-0x0000020F60020000-memory.dmp

Filesize
64KB

Download
memory/2692-74-0x0000020F5FF10000-0x0000020F5FF20000-memory.dmp

Filesize
64KB

Download
memory/2692-73-0x0000020F5FF00000-0x0000020F5FF10000-memory.dmp

Filesize
64KB

Download
memory/2692-83-0x0000020F60030000-0x0000020F60040000-memory.dmp

Filesize
64KB

Download
memory/2692-82-0x0000020F60020000-0x0000020F60030000-memory.dmp

Filesize
64KB

Download
memory/2692-81-0x0000020F5FF20000-0x0000020F5FF30000-memory.dmp

Filesize
64KB

Download
memory/2692-88-0x0000020F5FF30000-0x0000020F5FF40000-memory.dmp

Filesize
64KB

Download
memory/2692-90-0x0000020F60050000-0x0000020F60060000-memory.dmp

Filesize
64KB

Download
memory/2692-89-0x0000020F60040000-0x0000020F60050000-memory.dmp

Filesize
64KB

Download
memory/2692-92-0x0000020F5FF40000-0x0000020F5FF50000-memory.dmp

Filesize
64KB

Download
memory/2692-93-0x0000020F60060000-0x0000020F60070000-memory.dmp

Filesize
64KB

Download
memory/2692-95-0x0000020F5FF50000-0x0000020F5FF60000-memory.dmp

Filesize
64KB

Download
memory/2692-96-0x0000020F5FF60000-0x0000020F5FF70000-memory.dmp

Filesize
64KB

Download
memory/2692-97-0x0000020F60070000-0x0000020F60080000-memory.dmp

Filesize
64KB

Download
memory/2692-100-0x0000020F5FA40000-0x0000020F5FA41000-memory.dmp

Filesize
4KB

Download
memory/2692-107-0x0000020F5FF80000-0x0000020F5FF90000-memory.dmp

Filesize
64KB

Download
memory/2692-106-0x0000020F5FF70000-0x0000020F5FF80000-memory.dmp

Filesize
64KB

Download
memory/2692-108-0x0000020F5FF90000-0x0000020F5FFA0000-memory.dmp

Filesize
64KB

Download
memory/2692-109-0x0000020F5FFA0000-0x0000020F5FFB0000-memory.dmp

Filesize
64KB

Download
memory/2692-110-0x0000020F60080000-0x0000020F60090000-memory.dmp

Filesize
64KB

Download
memory/2692-112-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-116-0x0000020F5FFD0000-0x0000020F5FFE0000-memory.dmp

Filesize
64KB

Download
memory/2692-115-0x0000020F5FFC0000-0x0000020F5FFD0000-memory.dmp

Filesize
64KB

Download
memory/2692-114-0x0000020F5FFB0000-0x0000020F5FFC0000-memory.dmp

Filesize
64KB

Download
memory/2692-118-0x0000020F5FFE0000-0x0000020F5FFF0000-memory.dmp

Filesize
64KB

Download
memory/2692-119-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-121-0x0000020F60090000-0x0000020F600A0000-memory.dmp

Filesize
64KB

Download
memory/2692-120-0x0000020F5FFF0000-0x0000020F60000000-memory.dmp

Filesize
64KB

Download
memory/2692-122-0x0000020F5EEB0000-0x0000020F5EEB1000-memory.dmp

Filesize
4KB

Download
memory/2692-123-0x0000020F60000000-0x0000020F60010000-memory.dmp

Filesize
64KB

Download
memory/2692-124-0x0000020F60010000-0x0000020F60020000-memory.dmp

Filesize
64KB

Download
memory/2692-125-0x0000020F60020000-0x0000020F60030000-memory.dmp

Filesize
64KB

Download
memory/2692-126-0x0000020F60030000-0x0000020F60040000-memory.dmp

Filesize
64KB

Download
memory/2692-128-0x0000020F60040000-0x0000020F60050000-memory.dmp

Filesize
64KB

Download
memory/2692-129-0x0000020F60050000-0x0000020F60060000-memory.dmp

Filesize
64KB

Download
memory/2692-131-0x0000020F60060000-0x0000020F60070000-memory.dmp

Filesize
64KB

Download
memory/2692-132-0x0000020F600A0000-0x0000020F600B0000-memory.dmp

Filesize
64KB

Download
memory/2692-134-0x0000020F60070000-0x0000020F60080000-memory.dmp

Filesize
64KB

Download
memory/2692-135-0x0000020F60080000-0x0000020F60090000-memory.dmp

Filesize
64KB

Download
memory/2692-137-0x0000020F60090000-0x0000020F600A0000-memory.dmp

Filesize
64KB

Download
memory/2692-138-0x0000020F600B0000-0x0000020F600C0000-memory.dmp

Filesize
64KB

Download
memory/2692-141-0x0000020F600A0000-0x0000020F600B0000-memory.dmp

Filesize
64KB

Download
memory/2692-145-0x0000020F600C0000-0x0000020F600D0000-memory.dmp

Filesize
64KB

Download
memory/2692-148-0x0000020F600B0000-0x0000020F600C0000-memory.dmp

Filesize
64KB

Download
memory/2692-151-0x0000020F600D0000-0x0000020F600E0000-memory.dmp

Filesize
64KB

Download
memory/2692-154-0x0000020F600C0000-0x0000020F600D0000-memory.dmp

Filesize
64KB

Download
memory/2692-156-0x0000020F600E0000-0x0000020F600F0000-memory.dmp

Filesize
64KB

Download
memory/2692-157-0x0000020F600D0000-0x0000020F600E0000-memory.dmp

Filesize
64KB

Download
memory/2692-159-0x0000020F600E0000-0x0000020F600F0000-memory.dmp

Filesize
64KB

Download
memory/2692-161-0x0000020F600F0000-0x0000020F60100000-memory.dmp

Filesize
64KB

Download
memory/2692-164-0x0000020F600F0000-0x0000020F60100000-memory.dmp

Filesize
64KB

Download
memory/2692-166-0x0000020F60100000-0x0000020F60110000-memory.dmp

Filesize
64KB

Download
memory/2692-170-0x0000020F60100000-0x0000020F60110000-memory.dmp

Filesize
64KB

Download
memory/2692-172-0x0000020F60110000-0x0000020F60120000-memory.dmp

Filesize
64KB

Download
memory/2692-175-0x0000020F60110000-0x0000020F60120000-memory.dmp

Filesize
64KB

Download
memory/2692-177-0x0000020F60120000-0x0000020F60130000-memory.dmp

Filesize
64KB

Download
memory/2692-180-0x0000020F60130000-0x0000020F60140000-memory.dmp

Filesize
64KB

Download
memory/2692-183-0x0000020F60120000-0x0000020F60130000-memory.dmp

Filesize
64KB

Download
memory/2692-184-0x0000020F60140000-0x0000020F60150000-memory.dmp

Filesize
64KB

Download
memory/2692-187-0x0000020F60150000-0x0000020F60160000-memory.dmp

Filesize
64KB

Download
memory/2692-188-0x0000020F60130000-0x0000020F60140000-memory.dmp

Filesize
64KB

Download
memory/2692-190-0x0000020F60140000-0x0000020F60150000-memory.dmp

Filesize
64KB

Download
memory/2692-191-0x0000020F60160000-0x0000020F60170000-memory.dmp

Filesize
64KB

Download
memory/2692-193-0x0000020F60150000-0x0000020F60160000-memory.dmp

Filesize
64KB

Download
memory/2692-196-0x0000020F60170000-0x0000020F60180000-memory.dmp

Filesize
64KB

Download
memory/2692-199-0x0000020F60180000-0x0000020F60190000-memory.dmp

Filesize
64KB

Download
memory/2692-200-0x0000020F60160000-0x0000020F60170000-memory.dmp

Filesize
64KB

Download
memory/2692-201-0x0000020F60170000-0x0000020F60180000-memory.dmp

Filesize
64KB

Download
memory/2692-202-0x0000020F60180000-0x0000020F60190000-memory.dmp

Filesize
64KB

Download
memory/2692-208-0x0000020F60190000-0x0000020F601A0000-memory.dmp

Filesize
64KB

Download
memory/2692-209-0x0000020F60190000-0x0000020F601A0000-memory.dmp

Filesize
64KB

Download
memory/2692-211-0x0000020F601A0000-0x0000020F601B0000-memory.dmp

Filesize
64KB

Download
memory/2692-216-0x0000020F601A0000-0x0000020F601B0000-memory.dmp

Filesize
64KB

Download
memory/2692-220-0x0000020F601B0000-0x0000020F601C0000-memory.dmp

Filesize
64KB

Download
memory/2692-226-0x0000020F601C0000-0x0000020F601D0000-memory.dmp

Filesize
64KB

Download
memory/2692-228-0x0000020F601B0000-0x0000020F601C0000-memory.dmp

Filesize
64KB

Download
memory/2692-231-0x0000020F601D0000-0x0000020F601E0000-memory.dmp

Filesize
64KB

Download