9424128833a503e72a27491b27e772139f5c5e078f7d7401048feb17e82f2fca

Analysis

max time kernel
129s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dropins/eclipse/plugins/org.eclipse.compare.nl_it_4.2.0.v20130724060447.jar
Size

12KB
MD5

47fe6b5043cfcaa6c29d2c50b5c1b565
SHA1

f3e13da93ace45ad748cce475d3b5f716d8d1797
SHA256

a02414ed7cd45d67992dcdff1f1aa0d65fc4897f6cce8e2efd7906585da4fc83
SHA512

7b25f8ee9aee9f6df48163d1659aa4dab2e87ca089c56609ac8c7a043caa6b3ae9cca841df0bcefc5375c28e4f3cae6e85278f9ed8d7bc986236372033dd303e
SSDEEP

192:abRfkIMqNyzTw2WM9k2w4pQlZoPzESP1jXYH/sxeiJs+T7yVOkA1j6D05TndFxme:9qNWw2XW4fPNXYfsxJJs+ycFSIdADxkl

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4712 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 4156 wrote to memory of 4712 4156 java.exe icacls.exe
PID 4156 wrote to memory of 4712 4156 java.exe icacls.exe

pid	process
4712	icacls.exe

description	pid	process	target process
PID 4156 wrote to memory of 4712	4156	java.exe	icacls.exe
PID 4156 wrote to memory of 4712	4156	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\dropins\eclipse\plugins\org.eclipse.compare.nl_it_4.2.0.v20130724060447.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4156

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
ac76ae433e72e481a508285c8e970545

SHA1
5fc1ec0b16b89ecc0b9b5ddd1011e469daddee1a

SHA256
32c89ae30b19c1323938e14c0d29e680b451276d3ca50d5b33b4d8eeed3aeda2

SHA512
f5a2d4e029366155f2af421b34327bd2a4f2174cbc3a156c3330c1f9ae1bd314957fcb3706259090bf20a5c0408e95293a6bd9fd53b1e704eef330264befff53

Download Submit
memory/4156-2-0x00000213B0D80000-0x00000213B0FF0000-memory.dmp

Filesize
2.4MB

Download
memory/4156-12-0x00000213AF5B0000-0x00000213AF5B1000-memory.dmp

Filesize
4KB

Download
memory/4156-13-0x00000213B0D80000-0x00000213B0FF0000-memory.dmp

Filesize
2.4MB

Download