9424128833a503e72a27491b27e772139f5c5e078f7d7401048feb17e82f2fca

Analysis

max time kernel
130s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

features/jre.win32.win32.x86.feature_1.8.0.u171/jre/lib/management-agent.jar
Size

381B
MD5

07fcae6d51e4cb93d7d47d15d6cd30f3
SHA1

b3f3d43ab40eef73ad9963a3358085c7687fc354
SHA256

10f48ee99509bf660584e2629e96088b4c1c9dc0c1820a1307d17fe6dc3072ba
SHA512

e4c141b21e0d23531197552b8e8b422bd3ffe384ca1ad5062d8697fb92017e230f472d309d91a48661462bfba48cb96648cd4b4eb581a2053078bef48d01d625

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1568 icacls.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 3228 wrote to memory of 1568 3228 java.exe icacls.exe
PID 3228 wrote to memory of 1568 3228 java.exe icacls.exe

pid	process
1568	icacls.exe

description	pid	process	target process
PID 3228 wrote to memory of 1568	3228	java.exe	icacls.exe
PID 3228 wrote to memory of 1568	3228	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\features\jre.win32.win32.x86.feature_1.8.0.u171\jre\lib\management-agent.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3228

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
917ccb7b25500c6517bcd6ccfacd99e8

SHA1
978ea1a3b9c9a982f953b5e3a7adfb93c4aa7322

SHA256
f895dee72897b9fefc1a2fd3e8e678321eb65696cff5bdf073271b90613e4514

SHA512
c90ce0482c6f7a8fcc35cba10dabbaa763a7ed32a76d07693e25b2cfb3e0fd07896f9a50217f85b4a6c90f760bfe6bdf0cb3ed4ba52b4a650e205c3d870c5cfa

Download Submit
memory/3228-2-0x0000018AB6950000-0x0000018AB6BC0000-memory.dmp

Filesize
2.4MB

Download
memory/3228-12-0x0000018AB6930000-0x0000018AB6931000-memory.dmp

Filesize
4KB

Download
memory/3228-13-0x0000018AB6950000-0x0000018AB6BC0000-memory.dmp

Filesize
2.4MB

Download