1ab7b5aa280179b9f9550489c61512cbfd23219d31bbcbc9955340573323fd2e

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SS Tool [Extract]/Applications/Xray Pack Test.jar
Size

4KB
MD5

650a98101c915979caaefff531ccc684
SHA1

946be0460303245dfb1d6ffefa8e25b5ca18bd03
SHA256

0733304d982e64612ed2162299f4c8ae7a8a45072fbe98d998e641d7c24208c3
SHA512

a1e5f75126298a20a6be1ca6a455861f60ca48ecfc1d54d1c3799d7382ef97c38924d822b8f99844b59f4479d4b794daa9cfa6371a396e42cb5e4031cb8e26c4
SSDEEP

96:t2nvgzcmy5lhohAgN9SMQBJVLrIYXSTpUOv+BX92k1vvJ6wbb/ia:t2nYgmy5lhohAUSXVLrI3dU/+Uvx6wbl

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

3528 icacls.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

java.exe

pid process

4192 java.exe
4192 java.exe
4192 java.exe
4192 java.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

java.exe

description pid process target process

PID 4192 wrote to memory of 3528 4192 java.exe icacls.exe
PID 4192 wrote to memory of 3528 4192 java.exe icacls.exe

pid	process
3528	icacls.exe

pid	process
4192	java.exe
4192	java.exe
4192	java.exe
4192	java.exe

description	pid	process	target process
PID 4192 wrote to memory of 3528	4192	java.exe	icacls.exe
PID 4192 wrote to memory of 3528	4192	java.exe	icacls.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\SS Tool [Extract]\Applications\Xray Pack Test.jar"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
cf99fb3ffc75b2fa6e796189e7560e95

SHA1
37c90f69fd15d2b563db36861355cc3574dbaf80

SHA256
2fe79e6b25dccbe89f2329cf58841214d62c3e820d0cfe20024453fb5e995479

SHA512
8542951b01bca691594cc2f567a8f1ae10bec192cd6bb80159395d185dba50ffe2f1ce229c228e073b4b9adba51d50e8f894fe02c39ce5b04f827988263c0208

Download Submit
memory/4192-50-0x00000142A8560000-0x00000142A8570000-memory.dmp

Filesize
64KB

Download
memory/4192-20-0x00000142A82C0000-0x00000142A82C1000-memory.dmp

Filesize
4KB

Download
memory/4192-55-0x00000142A8580000-0x00000142A8590000-memory.dmp

Filesize
64KB

Download
memory/4192-56-0x00000142A85A0000-0x00000142A85B0000-memory.dmp

Filesize
64KB

Download
memory/4192-27-0x00000142A82E0000-0x00000142A8550000-memory.dmp

Filesize
2.4MB

Download
memory/4192-32-0x00000142A8550000-0x00000142A8560000-memory.dmp

Filesize
64KB

Download
memory/4192-35-0x00000142A8560000-0x00000142A8570000-memory.dmp

Filesize
64KB

Download
memory/4192-39-0x00000142A8570000-0x00000142A8580000-memory.dmp

Filesize
64KB

Download
memory/4192-42-0x00000142A8580000-0x00000142A8590000-memory.dmp

Filesize
64KB

Download
memory/4192-45-0x00000142A8550000-0x00000142A8560000-memory.dmp

Filesize
64KB

Download
memory/4192-48-0x00000142A8590000-0x00000142A85A0000-memory.dmp

Filesize
64KB

Download
memory/4192-2-0x00000142A82E0000-0x00000142A8550000-memory.dmp

Filesize
2.4MB

Download
memory/4192-88-0x00000142A85D0000-0x00000142A85E0000-memory.dmp

Filesize
64KB

Download
memory/4192-17-0x00000142A82C0000-0x00000142A82C1000-memory.dmp

Filesize
4KB

Download
memory/4192-21-0x00000142A82C0000-0x00000142A82C1000-memory.dmp

Filesize
4KB

Download
memory/4192-60-0x00000142A85B0000-0x00000142A85C0000-memory.dmp

Filesize
64KB

Download
memory/4192-59-0x00000142A8590000-0x00000142A85A0000-memory.dmp

Filesize
64KB

Download
memory/4192-67-0x00000142A85C0000-0x00000142A85D0000-memory.dmp

Filesize
64KB

Download
memory/4192-68-0x00000142A85A0000-0x00000142A85B0000-memory.dmp

Filesize
64KB

Download
memory/4192-71-0x00000142A85B0000-0x00000142A85C0000-memory.dmp

Filesize
64KB

Download
memory/4192-73-0x00000142A85D0000-0x00000142A85E0000-memory.dmp

Filesize
64KB

Download
memory/4192-79-0x00000142A85E0000-0x00000142A85F0000-memory.dmp

Filesize
64KB

Download
memory/4192-78-0x00000142A85C0000-0x00000142A85D0000-memory.dmp

Filesize
64KB

Download
memory/4192-80-0x00000142A82C0000-0x00000142A82C1000-memory.dmp

Filesize
4KB

Download
memory/4192-84-0x00000142A85F0000-0x00000142A8600000-memory.dmp

Filesize
64KB

Download
memory/4192-53-0x00000142A8570000-0x00000142A8580000-memory.dmp

Filesize
64KB

Download