9398f88caa92f976eb765ac121aaa17fef94b0ac461aafa372b2c3874e246195

Analysis

max time kernel
140s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CoralReef-2.5-1.12.2.jar
Size

71KB
MD5

c6eb6d2f4417b231b88a71633f9ea211
SHA1

d3e1bf331eb3d875544062a48ed6ec39a701974a
SHA256

9398f88caa92f976eb765ac121aaa17fef94b0ac461aafa372b2c3874e246195
SHA512

ad16cacb96b101db5d23d8eca2edf12d9031d39dbe44e8937bf86dd3e83ceb85c9cf522c59141004e0e1d7a156bf587f6190d93f5feff1d3035f604b4a063bb0
SSDEEP

768:Rg30D907c+JON6ALZniiLMFwkp35u35+353v35k735B35O35H35F535Yu35U3jCx:RgkD9nEgfZLLKy3ANY0xN

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3232	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3232	1052	java.exe	84
PID 1052 wrote to memory of 3232	1052	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\CoralReef-2.5-1.12.2.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d671a52fc522fc215dbb7837af0eb836

SHA1
0f7900edcb6384adbb71c086aa65ecd1d3327bf3

SHA256
9a3ea3a618112884cce47ef9a63c29643d76f39fcec72632d75e1e7f47c3733a

SHA512
c301d9d41a9e9497b6a822c54ad27fc0aa18b3224b5f4a147d6dd5bc03f514b6640c6363218e5091218004da175843e2b2e596ee71e830b8bc8632bb19eee88e

Download Submit
memory/1052-2-0x00000202E6780000-0x00000202E69F0000-memory.dmp

Filesize
2.4MB

Download
memory/1052-11-0x00000202E4EC0000-0x00000202E4EC1000-memory.dmp

Filesize
4KB

Download
memory/1052-13-0x00000202E6780000-0x00000202E69F0000-memory.dmp

Filesize
2.4MB

Download