bb183b5d25328df21c958beba4a921d9300e7808d54d0ac801e49549fc60d4e0

Analysis

max time kernel
90s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
16/05/2024, 12:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Launcher.jar
Size

5.1MB
MD5

2c60123a0b4cb64f4d0831746ff2353d
SHA1

5d0e57a8bfcc802f32bb1c5012fb3d89364d779d
SHA256

bb183b5d25328df21c958beba4a921d9300e7808d54d0ac801e49549fc60d4e0
SHA512

204c042f59e0d86223ee2713d0538114038ec4529291377f0c927d722de595bd38388acf229a9fed9d8a4abc2c51752903e18f38ceab024a4949bac834764236
SSDEEP

98304:g9m1QLa/qcCyPH2DwtnbACoOJ5NG7q6QK2Qcls5vtKuwAYpn1vtqdJbm/5Wuhn0I:g9Lxacwtnbp/5NAq6QKelslZqlttVh0I

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2276	icacls.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4980	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 2276	4980	java.exe	82
PID 4980 wrote to memory of 2276	4980	java.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Launcher.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
980ba1c1254455df08fc81f5b11ba212

SHA1
b6b1c5d1a45f3cf89d1ef60e1052eeb4e4c1f0fa

SHA256
253232a6508f55d773a30b3fb9205f7634cc134eae3a62ba2e31db989cc3fd98

SHA512
dc1916d896a957d1ab100d8075ca911e3c05821b20293b11ba370136a64c4e7793776d8846992c0c30e41201134b7ac4532387f23e91de2177fc9e0f3cf8a9fb

Download Submit
C:\Users\Admin\AppData\Roaming\ElectricLauncher\data\ram\ram.txt

Filesize
3B

MD5
a0b6c3e24f6f2433b030951bc488f759

SHA1
1d383314988e188c925a9b47065e1285e25551e3

SHA256
9b6dd0f55d1cea37555db317f53a0631f694bd46df8018cc2aeed3d9e2f32f5f

SHA512
16e024531f95614599758cb3996e5a9303af312912c7eade0b27bd46979a6c0704e8d63d09bbbc81f94a3d762f8a256005dca4a6c531bcd262a8583e7ee7a74f

Download Submit
C:\Users\Admin\AppData\Roaming\ElectricLauncher\data\ram\ram.txt

Filesize
3B

MD5
c83bbf39a26190b2d0ec2d3091356053

SHA1
2c29ec19a8ec05d0caa6527ea271229c0e7a7442

SHA256
7c468f5e59f2871b946e051445493bbcace531d597edbbcc9935e7d02d025114

SHA512
076c9ebfdd34c47081d70ea7a493b1cf324b3b5ae8286886590167f865d0d2936c8fe31b8c1e4bf7c40425c58f146c4d7b8e49b2eff991efb830a0518e041b7f

Download Submit
memory/4980-2-0x00000248C02F0000-0x00000248C0560000-memory.dmp

Filesize
2.4MB

Download
memory/4980-16-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-18-0x00000248C0560000-0x00000248C0570000-memory.dmp

Filesize
64KB

Download
memory/4980-22-0x00000248C0570000-0x00000248C0580000-memory.dmp

Filesize
64KB

Download
memory/4980-21-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-23-0x00000248C0580000-0x00000248C0590000-memory.dmp

Filesize
64KB

Download
memory/4980-26-0x00000248C0590000-0x00000248C05A0000-memory.dmp

Filesize
64KB

Download
memory/4980-28-0x00000248C05A0000-0x00000248C05B0000-memory.dmp

Filesize
64KB

Download
memory/4980-29-0x00000248C05B0000-0x00000248C05C0000-memory.dmp

Filesize
64KB

Download
memory/4980-31-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-33-0x00000248C05C0000-0x00000248C05D0000-memory.dmp

Filesize
64KB

Download
memory/4980-41-0x00000248C0600000-0x00000248C0610000-memory.dmp

Filesize
64KB

Download
memory/4980-40-0x00000248C05F0000-0x00000248C0600000-memory.dmp

Filesize
64KB

Download
memory/4980-39-0x00000248C05E0000-0x00000248C05F0000-memory.dmp

Filesize
64KB

Download
memory/4980-38-0x00000248C05D0000-0x00000248C05E0000-memory.dmp

Filesize
64KB

Download
memory/4980-45-0x00000248C0610000-0x00000248C0620000-memory.dmp

Filesize
64KB

Download
memory/4980-50-0x00000248C0620000-0x00000248C0630000-memory.dmp

Filesize
64KB

Download
memory/4980-49-0x00000248C02F0000-0x00000248C0560000-memory.dmp

Filesize
2.4MB

Download
memory/4980-55-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-54-0x00000248C0630000-0x00000248C0640000-memory.dmp

Filesize
64KB

Download
memory/4980-53-0x00000248C0560000-0x00000248C0570000-memory.dmp

Filesize
64KB

Download
memory/4980-58-0x00000248C0640000-0x00000248C0650000-memory.dmp

Filesize
64KB

Download
memory/4980-57-0x00000248C0570000-0x00000248C0580000-memory.dmp

Filesize
64KB

Download
memory/4980-61-0x00000248C0650000-0x00000248C0660000-memory.dmp

Filesize
64KB

Download
memory/4980-60-0x00000248C0580000-0x00000248C0590000-memory.dmp

Filesize
64KB

Download
memory/4980-64-0x00000248C0660000-0x00000248C0670000-memory.dmp

Filesize
64KB

Download
memory/4980-63-0x00000248C0590000-0x00000248C05A0000-memory.dmp

Filesize
64KB

Download
memory/4980-67-0x00000248C0670000-0x00000248C0680000-memory.dmp

Filesize
64KB

Download
memory/4980-66-0x00000248C05A0000-0x00000248C05B0000-memory.dmp

Filesize
64KB

Download
memory/4980-76-0x00000248C06A0000-0x00000248C06B0000-memory.dmp

Filesize
64KB

Download
memory/4980-73-0x00000248C05C0000-0x00000248C05D0000-memory.dmp

Filesize
64KB

Download
memory/4980-75-0x00000248C0690000-0x00000248C06A0000-memory.dmp

Filesize
64KB

Download
memory/4980-70-0x00000248C05B0000-0x00000248C05C0000-memory.dmp

Filesize
64KB

Download
memory/4980-71-0x00000248C0680000-0x00000248C0690000-memory.dmp

Filesize
64KB

Download
memory/4980-77-0x00000248C05D0000-0x00000248C05E0000-memory.dmp

Filesize
64KB

Download
memory/4980-81-0x00000248C06B0000-0x00000248C06C0000-memory.dmp

Filesize
64KB

Download
memory/4980-80-0x00000248C0600000-0x00000248C0610000-memory.dmp

Filesize
64KB

Download
memory/4980-79-0x00000248C05F0000-0x00000248C0600000-memory.dmp

Filesize
64KB

Download
memory/4980-78-0x00000248C05E0000-0x00000248C05F0000-memory.dmp

Filesize
64KB

Download
memory/4980-84-0x00000248C06C0000-0x00000248C06D0000-memory.dmp

Filesize
64KB

Download
memory/4980-83-0x00000248C0610000-0x00000248C0620000-memory.dmp

Filesize
64KB

Download
memory/4980-87-0x00000248C0620000-0x00000248C0630000-memory.dmp

Filesize
64KB

Download
memory/4980-88-0x00000248C06D0000-0x00000248C06E0000-memory.dmp

Filesize
64KB

Download
memory/4980-91-0x00000248C06E0000-0x00000248C06F0000-memory.dmp

Filesize
64KB

Download
memory/4980-90-0x00000248C0630000-0x00000248C0640000-memory.dmp

Filesize
64KB

Download
memory/4980-93-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-95-0x00000248C06F0000-0x00000248C0700000-memory.dmp

Filesize
64KB

Download
memory/4980-94-0x00000248C0640000-0x00000248C0650000-memory.dmp

Filesize
64KB

Download
memory/4980-96-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-100-0x00000248C0650000-0x00000248C0660000-memory.dmp

Filesize
64KB

Download
memory/4980-101-0x00000248C0700000-0x00000248C0710000-memory.dmp

Filesize
64KB

Download
memory/4980-102-0x00000248C0660000-0x00000248C0670000-memory.dmp

Filesize
64KB

Download
memory/4980-104-0x00000248C0710000-0x00000248C0720000-memory.dmp

Filesize
64KB

Download
memory/4980-105-0x00000248C0670000-0x00000248C0680000-memory.dmp

Filesize
64KB

Download
memory/4980-106-0x00000248C0720000-0x00000248C0730000-memory.dmp

Filesize
64KB

Download
memory/4980-109-0x00000248C0730000-0x00000248C0740000-memory.dmp

Filesize
64KB

Download
memory/4980-108-0x00000248C0680000-0x00000248C0690000-memory.dmp

Filesize
64KB

Download
memory/4980-112-0x00000248C06A0000-0x00000248C06B0000-memory.dmp

Filesize
64KB

Download
memory/4980-113-0x00000248C0740000-0x00000248C0750000-memory.dmp

Filesize
64KB

Download
memory/4980-111-0x00000248C0690000-0x00000248C06A0000-memory.dmp

Filesize
64KB

Download
memory/4980-116-0x00000248C0750000-0x00000248C0760000-memory.dmp

Filesize
64KB

Download
memory/4980-115-0x00000248C06B0000-0x00000248C06C0000-memory.dmp

Filesize
64KB

Download
memory/4980-119-0x00000248C0760000-0x00000248C0770000-memory.dmp

Filesize
64KB

Download
memory/4980-118-0x00000248C06C0000-0x00000248C06D0000-memory.dmp

Filesize
64KB

Download
memory/4980-122-0x00000248C06D0000-0x00000248C06E0000-memory.dmp

Filesize
64KB

Download
memory/4980-123-0x00000248C0770000-0x00000248C0780000-memory.dmp

Filesize
64KB

Download
memory/4980-126-0x00000248C0780000-0x00000248C0790000-memory.dmp

Filesize
64KB

Download
memory/4980-125-0x00000248C06E0000-0x00000248C06F0000-memory.dmp

Filesize
64KB

Download
memory/4980-127-0x00000248C06F0000-0x00000248C0700000-memory.dmp

Filesize
64KB

Download
memory/4980-128-0x00000248C0790000-0x00000248C07A0000-memory.dmp

Filesize
64KB

Download
memory/4980-131-0x00000248C07A0000-0x00000248C07B0000-memory.dmp

Filesize
64KB

Download
memory/4980-130-0x00000248C0700000-0x00000248C0710000-memory.dmp

Filesize
64KB

Download
memory/4980-134-0x00000248C07B0000-0x00000248C07C0000-memory.dmp

Filesize
64KB

Download
memory/4980-133-0x00000248C0710000-0x00000248C0720000-memory.dmp

Filesize
64KB

Download
memory/4980-135-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-138-0x00000248C07C0000-0x00000248C07D0000-memory.dmp

Filesize
64KB

Download
memory/4980-137-0x00000248C0720000-0x00000248C0730000-memory.dmp

Filesize
64KB

Download
memory/4980-141-0x00000248C0730000-0x00000248C0740000-memory.dmp

Filesize
64KB

Download
memory/4980-142-0x00000248C07D0000-0x00000248C07E0000-memory.dmp

Filesize
64KB

Download
memory/4980-140-0x00000248BEA40000-0x00000248BEA41000-memory.dmp

Filesize
4KB

Download
memory/4980-145-0x00000248C07E0000-0x00000248C07F0000-memory.dmp

Filesize
64KB

Download
memory/4980-144-0x00000248C0740000-0x00000248C0750000-memory.dmp

Filesize
64KB

Download
memory/4980-149-0x00000248C07F0000-0x00000248C0800000-memory.dmp

Filesize
64KB

Download
memory/4980-148-0x00000248C0750000-0x00000248C0760000-memory.dmp

Filesize
64KB

Download
memory/4980-151-0x00000248C0760000-0x00000248C0770000-memory.dmp

Filesize
64KB

Download
memory/4980-152-0x00000248C0800000-0x00000248C0810000-memory.dmp

Filesize
64KB

Download
memory/4980-154-0x00000248C0770000-0x00000248C0780000-memory.dmp

Filesize
64KB

Download
memory/4980-155-0x00000248C0810000-0x00000248C0820000-memory.dmp

Filesize
64KB

Download
memory/4980-158-0x00000248C0820000-0x00000248C0830000-memory.dmp

Filesize
64KB

Download
memory/4980-157-0x00000248C0780000-0x00000248C0790000-memory.dmp

Filesize
64KB

Download
memory/4980-160-0x00000248C0790000-0x00000248C07A0000-memory.dmp

Filesize
64KB

Download
memory/4980-161-0x00000248C0830000-0x00000248C0840000-memory.dmp

Filesize
64KB

Download
memory/4980-163-0x00000248C07A0000-0x00000248C07B0000-memory.dmp

Filesize
64KB

Download
memory/4980-164-0x00000248C0840000-0x00000248C0850000-memory.dmp

Filesize
64KB

Download
memory/4980-166-0x00000248C07B0000-0x00000248C07C0000-memory.dmp

Filesize
64KB

Download
memory/4980-167-0x00000248C0850000-0x00000248C0860000-memory.dmp

Filesize
64KB

Download
memory/4980-170-0x00000248C07C0000-0x00000248C07D0000-memory.dmp

Filesize
64KB

Download
memory/4980-171-0x00000248C0860000-0x00000248C0870000-memory.dmp

Filesize
64KB

Download
memory/4980-173-0x00000248C07D0000-0x00000248C07E0000-memory.dmp

Filesize
64KB

Download
memory/4980-174-0x00000248C0870000-0x00000248C0880000-memory.dmp

Filesize
64KB

Download
memory/4980-176-0x00000248C07E0000-0x00000248C07F0000-memory.dmp

Filesize
64KB

Download
memory/4980-177-0x00000248C0880000-0x00000248C0890000-memory.dmp

Filesize
64KB

Download
memory/4980-181-0x00000248C0890000-0x00000248C08A0000-memory.dmp

Filesize
64KB

Download
memory/4980-180-0x00000248C07F0000-0x00000248C0800000-memory.dmp

Filesize
64KB

Download