0276a6911b05390df9f31fec82bb1aa4fdb313ea2e26e24437f556873db0bde2

Analysis

max time kernel
133s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ThreeTierIntranetTemplate.jar
Size

101KB
MD5

8423c6c2af83a69663ffdaf826673cc4
SHA1

10ba5716c1c171789d773917a1b3e0a018d66729
SHA256

0276a6911b05390df9f31fec82bb1aa4fdb313ea2e26e24437f556873db0bde2
SHA512

8c62e83d26e89c881294a6bb4b1069c5b8d343f2a926c9ee3bfd57072906ce679fabf99a46de8310e70aa01c1a1de09a79143935a77bc7f648283e5dcdfcbcf7
SSDEEP

3072:9nlx64Dbgszhg/hy39wkzUUK/Gx8g68STvLom:Zlzbgym/3G8g0v8m

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2872	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 2872	4448	java.exe	84
PID 4448 wrote to memory of 2872	4448	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ThreeTierIntranetTemplate.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d30ac79abfed79b546179ae422370f4d

SHA1
c64d2dd56f847d6d393aa83964687e6252defc69

SHA256
079ca0a3dac75de916443bab91e2aba5148ab70bfeafc7ee8f49993d1e5f643c

SHA512
0d5e99e4366c8e48977824def3c86f9a7526f63921a24c8582de19b561c97276de9b72edbd1872866b5bbfadc34b00a2c1c2ed087d573e8b46c625013ff05d9a

Download Submit
memory/4448-2-0x0000020335490000-0x0000020335700000-memory.dmp

Filesize
2.4MB

Download
memory/4448-12-0x0000020333CB0000-0x0000020333CB1000-memory.dmp

Filesize
4KB

Download
memory/4448-13-0x0000020335490000-0x0000020335700000-memory.dmp

Filesize
2.4MB

Download