8649d34616022150e1a099737bce5c07351fd3dfce7ca0978a82b4a435e0931f

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Iris-Installer-3.2.0.jar
Size

1.6MB
MD5

97cfa283f188d846c86e8c0e58d00db8
SHA1

b9c83d9d0068a89434aaf05c2a1b594d4a1d0ee8
SHA256

8649d34616022150e1a099737bce5c07351fd3dfce7ca0978a82b4a435e0931f
SHA512

358d6ff9f6a7c594e482a64e1085bd56366dbf094bd81907a9709bb54e2e588d4b8d76da2c8dad5edd2de2ec9a7607758174d16cd919add950ad0cddeb619f13
SSDEEP

49152:43VZ7NK4Y745jZOTTGANUjKUlqGFLiELag7p9UD5DBE9:43VZ5w74LkKbqwt4a

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1804	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2952	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
26	raw.githubusercontent.com
27	raw.githubusercontent.com

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1804	java.exe
1804	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2952	1804	java.exe	92
PID 1804 wrote to memory of 2952	1804	java.exe	92
PID 1804 wrote to memory of 488	1804	java.exe	94
PID 1804 wrote to memory of 488	1804	java.exe	94

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Iris-Installer-3.2.0.jar
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2952
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3964 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-5240816116000.dll

Filesize
9KB

MD5
b0366e31f3704da1e9552633a07f77db

SHA1
fd3058cc08a5e00b56301dc44e0e05854a5e55ea

SHA256
18f1f5afec89f152afe1c57cffe9a77c158d840f6e00ec7a343b685caa3d8853

SHA512
d8e621eb9b15103a70544affbd7e3fdf52fe14bdae754fd9551508ed8785d53b6205082de41a575acffe5d1c80d419eda16d79834fdbad9cc8df798dcaa4eaa4

Download Submit
memory/1804-2-0x000001F2D86B0000-0x000001F2D8920000-memory.dmp

Filesize
2.4MB

Download
memory/1804-11-0x000001F2D6CD0000-0x000001F2D6CD1000-memory.dmp

Filesize
4KB

Download
memory/1804-19-0x000001F2D6CD0000-0x000001F2D6CD1000-memory.dmp

Filesize
4KB

Download
memory/1804-29-0x000001F2D6CD0000-0x000001F2D6CD1000-memory.dmp

Filesize
4KB

Download
memory/1804-73-0x000001F2D8920000-0x000001F2D8930000-memory.dmp

Filesize
64KB

Download
memory/1804-79-0x000001F2D86B0000-0x000001F2D8920000-memory.dmp

Filesize
2.4MB

Download
memory/1804-80-0x000001F2D8930000-0x000001F2D8940000-memory.dmp

Filesize
64KB

Download
memory/1804-83-0x000001F2D8940000-0x000001F2D8950000-memory.dmp

Filesize
64KB

Download
memory/1804-84-0x000001F2D8950000-0x000001F2D8960000-memory.dmp

Filesize
64KB

Download
memory/1804-87-0x000001F2D8960000-0x000001F2D8970000-memory.dmp

Filesize
64KB

Download
memory/1804-89-0x000001F2D8970000-0x000001F2D8980000-memory.dmp

Filesize
64KB

Download
memory/1804-92-0x000001F2D8980000-0x000001F2D8990000-memory.dmp

Filesize
64KB

Download
memory/1804-93-0x000001F2D8990000-0x000001F2D89A0000-memory.dmp

Filesize
64KB

Download
memory/1804-95-0x000001F2D89A0000-0x000001F2D89B0000-memory.dmp

Filesize
64KB

Download
memory/1804-97-0x000001F2D89B0000-0x000001F2D89C0000-memory.dmp

Filesize
64KB

Download
memory/1804-100-0x000001F2D89C0000-0x000001F2D89D0000-memory.dmp

Filesize
64KB

Download
memory/1804-102-0x000001F2D8930000-0x000001F2D8940000-memory.dmp

Filesize
64KB

Download
memory/1804-99-0x000001F2D8920000-0x000001F2D8930000-memory.dmp

Filesize
64KB

Download
memory/1804-103-0x000001F2D89D0000-0x000001F2D89E0000-memory.dmp

Filesize
64KB

Download
memory/1804-105-0x000001F2D8940000-0x000001F2D8950000-memory.dmp

Filesize
64KB

Download
memory/1804-106-0x000001F2D89E0000-0x000001F2D89F0000-memory.dmp

Filesize
64KB

Download
memory/1804-109-0x000001F2D89F0000-0x000001F2D8A00000-memory.dmp

Filesize
64KB

Download
memory/1804-108-0x000001F2D8950000-0x000001F2D8960000-memory.dmp

Filesize
64KB

Download
memory/1804-111-0x000001F2D8960000-0x000001F2D8970000-memory.dmp

Filesize
64KB

Download
memory/1804-112-0x000001F2D8A00000-0x000001F2D8A10000-memory.dmp

Filesize
64KB

Download
memory/1804-115-0x000001F2D8A10000-0x000001F2D8A20000-memory.dmp

Filesize
64KB

Download
memory/1804-114-0x000001F2D8970000-0x000001F2D8980000-memory.dmp

Filesize
64KB

Download
memory/1804-118-0x000001F2D8980000-0x000001F2D8990000-memory.dmp

Filesize
64KB

Download
memory/1804-119-0x000001F2D8A20000-0x000001F2D8A30000-memory.dmp

Filesize
64KB

Download
memory/1804-124-0x000001F2D89A0000-0x000001F2D89B0000-memory.dmp

Filesize
64KB

Download
memory/1804-123-0x000001F2D8A40000-0x000001F2D8A50000-memory.dmp

Filesize
64KB

Download
memory/1804-122-0x000001F2D8A30000-0x000001F2D8A40000-memory.dmp

Filesize
64KB

Download
memory/1804-121-0x000001F2D8990000-0x000001F2D89A0000-memory.dmp

Filesize
64KB

Download
memory/1804-125-0x000001F2D6CD0000-0x000001F2D6CD1000-memory.dmp

Filesize
4KB

Download
memory/1804-128-0x000001F2D89B0000-0x000001F2D89C0000-memory.dmp

Filesize
64KB

Download
memory/1804-129-0x000001F2D8A50000-0x000001F2D8A60000-memory.dmp

Filesize
64KB

Download
memory/1804-132-0x000001F2D8A60000-0x000001F2D8A70000-memory.dmp

Filesize
64KB

Download
memory/1804-131-0x000001F2D89C0000-0x000001F2D89D0000-memory.dmp

Filesize
64KB

Download
memory/1804-141-0x000001F2D89D0000-0x000001F2D89E0000-memory.dmp

Filesize
64KB

Download
memory/1804-142-0x000001F2D8A70000-0x000001F2D8A80000-memory.dmp

Filesize
64KB

Download
memory/1804-146-0x000001F2D8A80000-0x000001F2D8A90000-memory.dmp

Filesize
64KB

Download
memory/1804-145-0x000001F2D89E0000-0x000001F2D89F0000-memory.dmp

Filesize
64KB

Download
memory/1804-150-0x000001F2D8A90000-0x000001F2D8AA0000-memory.dmp

Filesize
64KB

Download
memory/1804-149-0x000001F2D89F0000-0x000001F2D8A00000-memory.dmp

Filesize
64KB

Download
memory/1804-153-0x000001F2D8AA0000-0x000001F2D8AB0000-memory.dmp

Filesize
64KB

Download
memory/1804-152-0x000001F2D8A00000-0x000001F2D8A10000-memory.dmp

Filesize
64KB

Download
memory/1804-156-0x000001F2D8A10000-0x000001F2D8A20000-memory.dmp

Filesize
64KB

Download
memory/1804-157-0x000001F2D8AB0000-0x000001F2D8AC0000-memory.dmp

Filesize
64KB

Download
memory/1804-163-0x000001F2D8AC0000-0x000001F2D8AD0000-memory.dmp

Filesize
64KB

Download
memory/1804-162-0x000001F2D8A20000-0x000001F2D8A30000-memory.dmp

Filesize
64KB

Download
memory/1804-165-0x000001F2D8AD0000-0x000001F2D8AE0000-memory.dmp

Filesize
64KB

Download
memory/1804-164-0x000001F2D8A30000-0x000001F2D8A40000-memory.dmp

Filesize
64KB

Download
memory/1804-169-0x000001F2D8AE0000-0x000001F2D8AF0000-memory.dmp

Filesize
64KB

Download
memory/1804-168-0x000001F2D8A40000-0x000001F2D8A50000-memory.dmp

Filesize
64KB

Download
memory/1804-176-0x000001F2D8AF0000-0x000001F2D8B00000-memory.dmp

Filesize
64KB

Download
memory/1804-175-0x000001F2D8A50000-0x000001F2D8A60000-memory.dmp

Filesize
64KB

Download
memory/1804-180-0x000001F2D8B00000-0x000001F2D8B10000-memory.dmp

Filesize
64KB

Download
memory/1804-179-0x000001F2D8A60000-0x000001F2D8A70000-memory.dmp

Filesize
64KB

Download
memory/1804-184-0x000001F2D8B10000-0x000001F2D8B20000-memory.dmp

Filesize
64KB

Download
memory/1804-183-0x000001F2D8A70000-0x000001F2D8A80000-memory.dmp

Filesize
64KB

Download
memory/1804-185-0x000001F2D8A80000-0x000001F2D8A90000-memory.dmp

Filesize
64KB

Download
memory/1804-186-0x000001F2D8B20000-0x000001F2D8B30000-memory.dmp

Filesize
64KB

Download
memory/1804-191-0x000001F2D8B30000-0x000001F2D8B40000-memory.dmp

Filesize
64KB

Download
memory/1804-189-0x000001F2D8A90000-0x000001F2D8AA0000-memory.dmp

Filesize
64KB

Download
memory/1804-194-0x000001F2D8AA0000-0x000001F2D8AB0000-memory.dmp

Filesize
64KB

Download
memory/1804-195-0x000001F2D8B40000-0x000001F2D8B50000-memory.dmp

Filesize
64KB

Download
memory/1804-211-0x000001F2D8AB0000-0x000001F2D8AC0000-memory.dmp

Filesize
64KB

Download
memory/1804-212-0x000001F2D8B50000-0x000001F2D8B60000-memory.dmp

Filesize
64KB

Download
memory/1804-222-0x000001F2D8B60000-0x000001F2D8B70000-memory.dmp

Filesize
64KB

Download
memory/1804-221-0x000001F2D8AC0000-0x000001F2D8AD0000-memory.dmp

Filesize
64KB

Download
memory/1804-241-0x000001F2D8AD0000-0x000001F2D8AE0000-memory.dmp

Filesize
64KB

Download
memory/1804-242-0x000001F2D8B70000-0x000001F2D8B80000-memory.dmp

Filesize
64KB

Download
memory/1804-253-0x000001F2D8B80000-0x000001F2D8B90000-memory.dmp

Filesize
64KB

Download
memory/1804-252-0x000001F2D8AE0000-0x000001F2D8AF0000-memory.dmp

Filesize
64KB

Download
memory/1804-258-0x000001F2D8B90000-0x000001F2D8BA0000-memory.dmp

Filesize
64KB

Download
memory/1804-257-0x000001F2D8AF0000-0x000001F2D8B00000-memory.dmp

Filesize
64KB

Download
memory/1804-267-0x000001F2D8B00000-0x000001F2D8B10000-memory.dmp

Filesize
64KB

Download
memory/1804-268-0x000001F2D8BA0000-0x000001F2D8BB0000-memory.dmp

Filesize
64KB

Download
memory/1804-283-0x000001F2D8B10000-0x000001F2D8B20000-memory.dmp

Filesize
64KB

Download
memory/1804-285-0x000001F2D8B20000-0x000001F2D8B30000-memory.dmp

Filesize
64KB

Download
memory/1804-288-0x000001F2D8B30000-0x000001F2D8B40000-memory.dmp

Filesize
64KB

Download
memory/1804-295-0x000001F2D8BB0000-0x000001F2D8BC0000-memory.dmp

Filesize
64KB

Download
memory/1804-294-0x000001F2D8B40000-0x000001F2D8B50000-memory.dmp

Filesize
64KB

Download
memory/1804-298-0x000001F2D8BC0000-0x000001F2D8BD0000-memory.dmp

Filesize
64KB

Download
memory/1804-297-0x000001F2D8B50000-0x000001F2D8B60000-memory.dmp

Filesize
64KB

Download
memory/1804-301-0x000001F2D8BD0000-0x000001F2D8BE0000-memory.dmp

Filesize
64KB

Download
memory/1804-300-0x000001F2D8B60000-0x000001F2D8B70000-memory.dmp

Filesize
64KB

Download
memory/1804-307-0x000001F2D8B70000-0x000001F2D8B80000-memory.dmp

Filesize
64KB

Download
memory/1804-309-0x000001F2D8B80000-0x000001F2D8B90000-memory.dmp

Filesize
64KB

Download
memory/1804-310-0x000001F2D8BE0000-0x000001F2D8BF0000-memory.dmp

Filesize
64KB

Download
memory/1804-312-0x000001F2D8B90000-0x000001F2D8BA0000-memory.dmp

Filesize
64KB

Download
memory/1804-313-0x000001F2D8BF0000-0x000001F2D8C00000-memory.dmp

Filesize
64KB

Download
memory/1804-316-0x000001F2D8BA0000-0x000001F2D8BB0000-memory.dmp

Filesize
64KB

Download
memory/1804-317-0x000001F2D8C00000-0x000001F2D8C10000-memory.dmp

Filesize
64KB

Download
memory/1804-320-0x000001F2D8C10000-0x000001F2D8C20000-memory.dmp

Filesize
64KB

Download
memory/1804-326-0x000001F2D8C20000-0x000001F2D8C30000-memory.dmp

Filesize
64KB

Download
memory/1804-329-0x000001F2D8BB0000-0x000001F2D8BC0000-memory.dmp

Filesize
64KB

Download
memory/1804-330-0x000001F2D8C30000-0x000001F2D8C40000-memory.dmp

Filesize
64KB

Download
memory/1804-370-0x000001F2D8BC0000-0x000001F2D8BD0000-memory.dmp

Filesize
64KB

Download
memory/1804-371-0x000001F2D8C40000-0x000001F2D8C50000-memory.dmp

Filesize
64KB

Download