5ead661727d1e7ed4cf660c0904c71d93e01ebb8c744160bd122442580fe5206

Analysis

max time kernel
134s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

jmx_prometheus_javaagent-0.14.0.jar
Size

404KB
MD5

9a4d4cd0150c734ad4d172def0997772
SHA1

7541a57484f3bc765d8c14e881ec8d445067b81c
SHA256

5ead661727d1e7ed4cf660c0904c71d93e01ebb8c744160bd122442580fe5206
SHA512

745699eda3dbdd42bc44fb2904cef7f09767ea0b86cf24fd2991bc0a2874717e3b3a4b1bc5bf551c120159f8869313714a02358d09357b3f2c11bc1d6724c852
SSDEEP

12288:3rGdSnljIsFFn7hj25I7EafOpRjMCXKYPKyMu4W:36dBsX7hoI7El4+guP

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2636	icacls.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 2636	3592	java.exe	84
PID 3592 wrote to memory of 2636	3592	java.exe	84

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\jmx_prometheus_javaagent-0.14.0.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6074221de0084f751c6429bcf6df3553

SHA1
6b2f54f2aee6aec7a3cf5c33e38929c32745e15e

SHA256
64321fd24ec22414d27cd32c50e7d943501f1ebc39f34337c15bb8240c0c5996

SHA512
92c70ae2ddc4a4a894a11d9a2fd56ac623caeb1ad61527c5b0b51efcaed87aca1c5155bd3e832e31b4404c58cae066b0bfdd7a820453a7134188fbf2592748f6

Download Submit
memory/3592-2-0x000001AF57850000-0x000001AF57AC0000-memory.dmp

Filesize
2.4MB

Download
memory/3592-12-0x000001AF55F90000-0x000001AF55F91000-memory.dmp

Filesize
4KB

Download
memory/3592-13-0x000001AF57850000-0x000001AF57AC0000-memory.dmp

Filesize
2.4MB

Download