Analysis
max time kernel: 91s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 18:28
Static task: static1
Behavioral task: behavioral1
  Sample: ysoserial-all.jar
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: ysoserial-all.jar
  Resource: win10v2004-20240426-en
General
Target: ysoserial-all.jar
Size: 56.8MB
MD5: 5f8b625e5b48ed2691d6314d83d9a7f2
SHA1: f7edfc4e9591e1af51a2cd5f773d75ad4f02be3f
SHA256: 2c9bddd6a1a4ec66c1078ea97dacb61eb66d1c41aec7b6d21e3c72214ce170f1
SHA512: f2508b7c0445352fec089dd5aa4ab721649e138fd4c9445dad69ac10deaaf2a62188387a5ad5477dd2349f2e57408d6994185cda0469b1bde767d08807a03a6a
SSDEEP: 786432:P8CPtkgwmPJoQcch6Ohf96EyP2JjeUFmI8jM3MXVQNxnbVjACuhLrnPfee:UCPtkgTJXcbFsJjsljM8obVjBGLDX3
Malware Config
Signatures
Modifies file permissions (1 TTPs, 1 IoCs)
  pid   Process
  4064  icacls.exe
Suspicious use of WriteProcessMemory (2 IoCs)
  description                        pid   Process   procid_target
  PID 1076 wrote to memory of 4064   1076  java.exe  84
  PID 1076 wrote to memory of 4064   1076  java.exe  84
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\ysoserial-all.jar
  PID: 1076
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\system32\icacls.exe
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    PID: 4064
    Signatures: Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 46B
MD5: 665b0a1011c80d5a03e065b44a2a6a25
SHA1: d2060341bc17dd44a80c53eb3853c8e08322c184
SHA256: 8738c0eba06ce12beee69a49ecc343b315d821a64dc833a8dc8d9e2f8be4f44e
SHA512: fba636d059e4ecc985a10e98e8c41c650dbf2bc24530d14d65fe976466af6d42074beeddd8f7d04654e5a3b717aa20202d2f47248d99246f149c233fea62c558