526f425013cea0ade9f1ebca9a67927b913f248019d0c701ef10310dccac85af

Analysis

max time kernel
143s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 20:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Skid.jar
Size

33.3MB
MD5

e91b9d45cb04500b8de7c43a95476142
SHA1

56f0d340f2290ab5cda66a306a2e046fde47f583
SHA256

526f425013cea0ade9f1ebca9a67927b913f248019d0c701ef10310dccac85af
SHA512

3f57ccdd587763e3bc27c1f66019637ea897390b1368e21ac6f3d603b3e8161a3ec9a9c82109fc92917678afee12770990cbd051c3b3ce3d6e896364f495602b
SSDEEP

393216:FxZhOd8xYK1m8szNSpLLS4Oai+CPRk6BiD9sWQkhG/W0Cv:FxZhOd8hpLW4viPMDSWQN/zCv

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
408	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 408	2648	java.exe	84
PID 2648 wrote to memory of 408	2648	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Skid.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9ceef00cf0805ea42937e1a70980aa2b

SHA1
8812e1b98ec6b80f918fab292128b2c215ca8062

SHA256
e15bcc06bde2d1ab4220da95eb649a2be56bec128392a8155a6b4fe18ad5c673

SHA512
614e7c51dcc4812470d0c3ec7de28b3f29082742399a411cf1bae8fd0b7458ae49954ab591c2f5a280fd4d2f4f7e014ad17682b9d4d6f1eb133e26f678c869cc

Download Submit
memory/2648-2-0x0000010D00000000-0x0000010D00270000-memory.dmp

Filesize
2.4MB

Download
memory/2648-12-0x0000010D73160000-0x0000010D73161000-memory.dmp

Filesize
4KB

Download
memory/2648-13-0x0000010D00000000-0x0000010D00270000-memory.dmp

Filesize
2.4MB

Download