Overview

overview

7

Static

static

1

EstacionDeTrabajo.jar

windows7-x64

1

EstacionDeTrabajo.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EstacionDeTrabajo.jar

  • Size

    878KB

  • MD5

    06751c2562861cdd322e060a74674d8b

  • SHA1

    bca6086e5acaeb51747329079a1a0f6ff1551ee4

  • SHA256

    9257bb32ae55e317025e34a5db67db53f03fc48cc8acba0687b0bba1af24cb41

  • SHA512

    bcb29b751bfc2a80de14ccb139a910ae9d2c719d2a4b355fa56372200cbd843385032960a560041f07a5ac72251e20a17d0490a2f1bb762c05dc52cf19957116

  • SSDEEP

    6144:hg/8D/KzNOsRSOBMKVO4alrP5Fmctqq+Z/iz4e5mmwYb/cvfAq/+O8KkVdmvL1QS:hgbzcsbVHSj0Vb

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\EstacionDeTrabajo.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    0354f8f5f5fe191de083811a8da3f663

    SHA1

    6f621051500ae518e478c12787220628aec6776f

    SHA256

    a3d0059b2c7c7318171d6742aacc13d059956397e95359fb9b7e7316c33962af

    SHA512

    0e56f36e6c5c18c0fbfbdc51d14322647e92c798aa94dcd5549dac6fb43b0b514c15f11d1445b6221f9b277f4295fd8bd1c38c6b521b1e0d52278749bd40b349

    Download Submit

  • memory/2988-2-0x00000202BC4E0000-0x00000202BC750000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2988-15-0x00000202BC4C0000-0x00000202BC4C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2988-21-0x00000202BC4E0000-0x00000202BC750000-memory.dmp

    Filesize

    2.4MB

    Download