Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/05/2024, 11:40

General

  • Target

    9352FA0B25F6C3704A695FB38A065FBEBA6FC5BD-validator-20200626-patched2.jar

  • Size

    4.1MB

  • MD5

    0687067137e62e591e9ce6ebab336e7b

  • SHA1

    9352fa0b25f6c3704a695fb38a065fbeba6fc5bd

  • SHA256

    42c9dd6373c3cef18d96892cb0065e562d0ede0400907697555dc5141dbc0fe5

  • SHA512

    ed0e3cbd66161533f2da5e569359c81d6d56e15e38eea3f85646a92bb7195d39750b30d8d50c9f808a605a1cbad49de844d3adfae206c1533bf1fccaff1de606

  • SSDEEP

    98304:Oi5vU64NdUYHskaKMLja8s0mZ+HWK3lAawkekTTE:T5vU6qxpJM3a8s0mZ+2gM6E

Score
7/10

Malware Config

Signatures

  • Modifies file permissions (1 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\9352FA0B25F6C3704A695FB38A065FBEBA6FC5BD-validator-20200626-patched2.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3276
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1820

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

          Filesize

          46B

          MD5

          060b3d6205150f805bfd2bdf6f63780f

          SHA1

          6d8fa16e70e4f8756b3cda4ffd32e7193af032f3

          SHA256

          23b8d0724d203f740a9c877fd940edc14dc53b12107efd442d9bc209c131af12

          SHA512

          6fba045c4d90702bbb651939baf3ce78984a626a81b41ae77932e6cdbbd32fa20a461868e8f5c9c80014d1f5395bf1e8d3a45ad510210a82a8b2d72374a6e907

        • memory/3276-2-0x000002DBBD690000-0x000002DBBD900000-memory.dmp

          Filesize

          2.4MB

        • memory/3276-12-0x000002DBBD670000-0x000002DBBD671000-memory.dmp

          Filesize

          4KB

        • memory/3276-13-0x000002DBBD690000-0x000002DBBD900000-memory.dmp

          Filesize

          2.4MB