a2aa7720b1b234713b9fc9c4fdef962c318da9719da933de4ae2f63e8a56cd8f

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6269bc7fb1c334e4f1f4c5fb7836d8d9_JaffaCakes118.jar
Size

484KB
MD5

6269bc7fb1c334e4f1f4c5fb7836d8d9
SHA1

545438b23e66f5e6e7751cbc21a8455fd909b785
SHA256

a2aa7720b1b234713b9fc9c4fdef962c318da9719da933de4ae2f63e8a56cd8f
SHA512

e59cc4eb2184115d8a40a8b08a7af6002f7e7a7c61b5455e3718da383e08549f617374542d9ccbe2a9a4f3e78d3431689e3053681f5d14060bc90b1832243163
SSDEEP

12288:SjOeDcmlOhzEyrXXnjXshSTEqOVP9o/8Fy:gQLXXXwhSgLP9okFy

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4800	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 4800	3632	java.exe	83
PID 3632 wrote to memory of 4800	3632	java.exe	83

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\6269bc7fb1c334e4f1f4c5fb7836d8d9_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
0a62065961c48b153fb8f1aaad4d187e

SHA1
c98da6565e8ac23b10e1050f6785879e770cd74a

SHA256
c156c225b7562012400d7708f3e23811dfa62f44f64dd6c38bd3f474ca92982a

SHA512
362582a61043fd7408add8c0073baa96b308227f772439736eefc31af442aefaecff1a511fd15d061666f33e2ace51b42e2af70ec24abb57a9aa17d80bccf5b7

Download Submit
memory/3632-41-0x0000011A9C3A0000-0x0000011A9C610000-memory.dmp

Filesize
2.4MB

Download
memory/3632-47-0x0000011A9C620000-0x0000011A9C630000-memory.dmp

Filesize
64KB

Download
memory/3632-15-0x0000011A9C610000-0x0000011A9C620000-memory.dmp

Filesize
64KB

Download
memory/3632-16-0x0000011A9C620000-0x0000011A9C630000-memory.dmp

Filesize
64KB

Download
memory/3632-18-0x0000011A9C630000-0x0000011A9C640000-memory.dmp

Filesize
64KB

Download
memory/3632-46-0x0000011A9C610000-0x0000011A9C620000-memory.dmp

Filesize
64KB

Download
memory/3632-24-0x0000011A9C660000-0x0000011A9C670000-memory.dmp

Filesize
64KB

Download
memory/3632-23-0x0000011A9C650000-0x0000011A9C660000-memory.dmp

Filesize
64KB

Download
memory/3632-26-0x0000011A9C670000-0x0000011A9C680000-memory.dmp

Filesize
64KB

Download
memory/3632-28-0x0000011A9C680000-0x0000011A9C690000-memory.dmp

Filesize
64KB

Download
memory/3632-31-0x0000011A9C690000-0x0000011A9C6A0000-memory.dmp

Filesize
64KB

Download
memory/3632-33-0x0000011A9C6A0000-0x0000011A9C6B0000-memory.dmp

Filesize
64KB

Download
memory/3632-34-0x0000011A9C6B0000-0x0000011A9C6C0000-memory.dmp

Filesize
64KB

Download
memory/3632-36-0x0000011A9C6C0000-0x0000011A9C6D0000-memory.dmp

Filesize
64KB

Download
memory/3632-38-0x0000011A9C6D0000-0x0000011A9C6E0000-memory.dmp

Filesize
64KB

Download
memory/3632-43-0x0000011A9C6F0000-0x0000011A9C700000-memory.dmp

Filesize
64KB

Download
memory/3632-42-0x0000011A9C6E0000-0x0000011A9C6F0000-memory.dmp

Filesize
64KB

Download
memory/3632-2-0x0000011A9C3A0000-0x0000011A9C610000-memory.dmp

Filesize
2.4MB

Download
memory/3632-12-0x0000011A9A9A0000-0x0000011A9A9A1000-memory.dmp

Filesize
4KB

Download
memory/3632-48-0x0000011A9C700000-0x0000011A9C710000-memory.dmp

Filesize
64KB

Download
memory/3632-22-0x0000011A9C640000-0x0000011A9C650000-memory.dmp

Filesize
64KB

Download
memory/3632-51-0x0000011A9C710000-0x0000011A9C720000-memory.dmp

Filesize
64KB

Download
memory/3632-50-0x0000011A9C630000-0x0000011A9C640000-memory.dmp

Filesize
64KB

Download
memory/3632-54-0x0000011A9C650000-0x0000011A9C660000-memory.dmp

Filesize
64KB

Download
memory/3632-53-0x0000011A9C640000-0x0000011A9C650000-memory.dmp

Filesize
64KB

Download
memory/3632-55-0x0000011A9C660000-0x0000011A9C670000-memory.dmp

Filesize
64KB

Download
memory/3632-57-0x0000011A9C670000-0x0000011A9C680000-memory.dmp

Filesize
64KB

Download
memory/3632-58-0x0000011A9C680000-0x0000011A9C690000-memory.dmp

Filesize
64KB

Download
memory/3632-59-0x0000011A9C690000-0x0000011A9C6A0000-memory.dmp

Filesize
64KB

Download
memory/3632-61-0x0000011A9C6B0000-0x0000011A9C6C0000-memory.dmp

Filesize
64KB

Download
memory/3632-60-0x0000011A9C6A0000-0x0000011A9C6B0000-memory.dmp

Filesize
64KB

Download
memory/3632-62-0x0000011A9C6C0000-0x0000011A9C6D0000-memory.dmp

Filesize
64KB

Download
memory/3632-63-0x0000011A9C6D0000-0x0000011A9C6E0000-memory.dmp

Filesize
64KB

Download
memory/3632-65-0x0000011A9C6F0000-0x0000011A9C700000-memory.dmp

Filesize
64KB

Download
memory/3632-64-0x0000011A9C6E0000-0x0000011A9C6F0000-memory.dmp

Filesize
64KB

Download
memory/3632-66-0x0000011A9C700000-0x0000011A9C710000-memory.dmp

Filesize
64KB

Download
memory/3632-67-0x0000011A9C710000-0x0000011A9C720000-memory.dmp

Filesize
64KB

Download