36bc30177e29b9a1a440df85c764d0fa6c9e5c7ff6119ff41a05fadee36f0b82

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apktool/signapk.jar
Size

7KB
MD5

aec6985fe2314e4d032ba6d192ac4163
SHA1

b16f006e7bf509add528f4b9a075ca373d531203
SHA256

b17534e89a5b58d5e343ba54a49da579cf9213988f4beeae24fe4582a0c226bb
SHA512

5347fb296f87fb71046e0fd261a495485254ed7bd6d68da3aebb346267e5bc14ad8a89aa5496b31b2bf0da35b8c7c4cbbf71ace977443f09ecdbe50e1288bcea
SSDEEP

192:20AfGZ6TJSM/+Lz2dBM8ZRSvdrGanQRSHFzJ:dj6tof2nMySvldT

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1500 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 1476 wrote to memory of 1500 1476 java.exe icacls.exe
PID 1476 wrote to memory of 1500 1476 java.exe icacls.exe

pid	process
1500	icacls.exe

description	pid	process	target process
PID 1476 wrote to memory of 1500	1476	java.exe	icacls.exe
PID 1476 wrote to memory of 1500	1476	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\apktool\signapk.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1476

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1500

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
d45b769cd951a2048f226c223287731c

SHA1
942ad39a9da558dbc991164b58a9bc0d338477e7

SHA256
6273e99b671b83bb7fc6ccf07106d9bf16fa1c659ad0c89860afa6cc9ba0ba89

SHA512
a900be1e23617d3fc3a2fd3315a3ff3a1b07c03bc58c574a489c01f6e3d9b14c1ee5978a8449b2343a4034c9d9f24165249e06d97a2bef2518579363e72b842d

Download Submit
memory/1476-2-0x00000143B8750000-0x00000143B89C0000-memory.dmp

Filesize
2.4MB

Download
memory/1476-11-0x00000143B8730000-0x00000143B8731000-memory.dmp

Filesize
4KB

Download
memory/1476-13-0x00000143B8750000-0x00000143B89C0000-memory.dmp

Filesize
2.4MB

Download